
VEL TECH VEL TECH MULTI TECH VEL TECH HIGH

TECH

STUDY MATERIAL
ELECTRONIC COMMERCE
DEPARTMENT OF MCA
JUNE – 2010

Vel Tech
Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College
Vel Tech High Tech Dr. Rangarajan Dr.Sakunthala Engineering College

SEM - V

INDEX

UNITS

I. Introduction
II. Security Technologies
III. Electronic Payment Methods
IV. Electronic Commerce Providers
V. Online Commerce Environments


# 42 & 60, Avadi – Veltech Road, Avadi, Chennai – 62.

Phone : 044 26840603, 26841601, 26840766
email : veltech@vsnl.com
website : www.vel-tech.org, www.veltechuniv.edu.in


Preface to the First Edition

This edition is a sincere and co-ordinated effort which we hope has
made a great difference in the quality of the material. “Giving the best to
the students, making optimum use of available technical facilities &
intellectual strength” has always been the motto of our institutions. In
this edition the best staff across the group of colleges have been chosen to
develop specific units. Hence the material as a whole is a merging of the
intellectual capacities of our faculties across the group of institutions. 45
to 60 two-mark questions and 15 to 20 sixteen-mark questions for each
unit are available in this material.

Prepared By : Ms. X. Agnes Kala Rani, Asst. Professor.

MC1622 ELECTRONIC COMMERCE


1. INTRODUCTION 6

Networks and Commercial Transactions - Internet and Other Novelties -
Electronic Transactions Today - Commercial Transactions - Establishing
Trust - Internet Environment - Internet Advantage - World Wide Web.

2. SECURITY TECHNOLOGIES 9

Why Internet Is Unsecure - Internet Security Holes - Cryptography : Objective -
Codes and Ciphers - Breaking Encryption Schemes - Data Encryption
Standard - Trusted Key Distribution and Verification - Cryptographic
Applications - Encryption - Digital Signature - Nonrepudiation and
Message Integrity.

3. ELECTRONIC PAYMENT METHODS 9

Traditional Transactions : Updating - Offline and Online Transactions - Secure
Web Servers - Required Facilities - Digital Currencies and Payment
Systems - Protocols for the Public Transport - Security Protocols - SET -
Credit Card Business Basics.

4. ELECTRONIC COMMERCE PROVIDERS 9

Online Commerce Options - Functions and Features - Payment Systems : Electronic,
Digital and Virtual Internet Payment System - Account Setup and Costs - Virtual
Transaction Process - InfoHaus - Security Considerations – CyberCash: Model -
Security - Customer Protection - Client Application - Selling through CyberCash.

5. ONLINE COMMERCE ENVIRONMENTS 12

Servers and Commercial Environments - Payment Methods - Server Market
Orientation - Netscape Commerce Server - Microsoft Internet Servers - Digital
Currencies - DigiCash - Using Ecash - Ecash Client Software and Implementation -
Smart Cards - The Chip - Electronic Data Interchange - Internet Strategies,
Techniques and Tools.
TEXT BOOKS

1. Pete Loshin, “Electronic Commerce”, 4th Edition, Firewall Media, an imprint of
Laxmi Publications Pvt. Ltd., New Delhi, 2004.

REFERENCES

Jeffrey F. Rayport and Bernard J. Jaworski, “Introduction to E-Commerce”, 2nd Edition,
Tata McGraw-Hill Pvt. Ltd., 2003.
Greenstein, “Electronic Commerce”, Tata McGraw-Hill Pvt. Ltd., 2000.

UNIT – I
PART – A

1. Define E-Commerce.

Electronic commerce: the conducting of business communication and transactions
over networks and through computers. Specifically, ecommerce is the buying and
selling of goods and services, and the transfer of funds, through digital
communications.

2. What is Internet ?

The Internet is a collection of wires, protocols and hardware that allows the
electronic transmission of data over TCP/IP. The Internet forms a global network of
computers that can share data and programs. The computers are connected through a
series of LANs and WANs and transfer data through the communication rules set forth
by TCP/IP.

Four components to use the Internet in an easy manner:

1. DNS (Domain Name System)
2. Packet switching, routing
3. TCP
4. IP address

TCP -> software that ensures the safe and reliable transfer of the data.
IP -> software that sets the rules for data transfer over a network.

3. How the internet works ?

a. Addressing and the Domain Name System:

Each and every system has its own unique IP address. Sun Microsystems
developed the DNS in the early 1980s. It converts numeric IP addresses into character
addresses.

b. Packet Switching:

The Internet is a packet-switched system. All data transferred across the Internet is
broken into packets.

c. Routing:

Routers serve as intermediaries between networks. They are the building blocks of
the Internet. They direct traffic and translate messages so that different network
technologies can communicate with one another.

4. What is a Network?

A “network” has been defined as “any set of interlinking lines resembling a net, a
network of roads; an interconnected system, a network of alliances.” This definition
suits our purpose well: a computer network is simply a system of interconnected
computers. How they're connected is irrelevant, and as we'll soon see, there are a
number of ways to do this.

5. Components of a Network:

The components given below are mainly used in Network Security.

1. Concentrator
2. Hub
3. Repeater
4. Bridges
5. Modem
6. Routers
7. Cables

6. What is Security?

In the computer industry, security refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by any individuals without authorization.
Most security measures involve data encryption and passwords. Data encryption is
the translation of data into a form that is unintelligible without a deciphering
mechanism. A password is a secret word or phrase that gives a user access to a
particular program or system.

7. Network security:

Network security consists of the provisions made in an underlying computer network
infrastructure, the policies adopted by the network administrator to protect the
network and the network-accessible resources from unauthorized access, and the
effectiveness (or lack) of these measures combined together.

8. What is a protocol?

A protocol is a well-defined specification that allows computers to communicate
across a network. In a way, protocols define the "grammar" that computers can use to
"talk" to each other.

9. What is IP?

IP stands for "Internet Protocol". It can be thought of as the common language
of computers on the Internet. There are a number of detailed descriptions of IP given
elsewhere, so we won't cover it in detail in this document.

10. What is an IP address?

IP addresses are analogous to telephone numbers – when you want to call
someone on the telephone, you must first know their telephone number. Similarly,
when a computer on the Internet needs to send data to another computer, it must
first know its IP address. IP addresses are typically shown as four numbers separated
by decimal points, or “dots”. For example, 10.24.254.3 and 192.168.62.231 are IP
addresses.

11. Transmission Control Protocol:

TCP is a transport-layer protocol. It needs to sit on top of a network-layer
protocol, and was designed to ride atop IP. (Just as IP was designed to carry, among
other things, TCP packets.) Because TCP and IP were designed together and wherever
you have one, you typically have the other, the entire suite of Internet protocols is
known collectively as "TCP/IP." TCP itself has a number of important features that
we'll cover briefly.

12. Types of Network:

a. LAN (Local Area Network).
b. WAN (Wide Area Network).
c. MAN (Metropolitan Area Network).

13. E-commerce models.

1. B2C
2. B2B
3. B2G
4. C2C
5. C2B (Consumer to Business)

14. What are the Advantages of Electronic payment systems?

• They work in the same way as traditional checks, thus simplifying customer
education.
• Electronic checks are well suited for clearing micro payments.
• Electronic checks create float and the availability of float is an important
requirement for commerce.
• Financial risk is assumed by the accounting server and may result in easier
acceptance.

15. What are the advantages of TCP/IP Protocol?

• They are everywhere! It's the common worldwide standard now for networking.
• Interoperability: different types of computers from different vendors can
communicate seamlessly if they speak the same TCP/IP language.
• Built-in intelligent mechanisms for error and flow control.
• Many others, just Google advantages of TCP/IP.

16. What are the advantages of E-Commerce?

• New marketing time opportunities
• Electronic bill presentment and payment services
• Related products and cross selling
• Featured product listing
• Coupon codes, gift certificates
• Inventory control
• Backorders allowed

17. What is commercial transaction?

A commercial contract deals with purely business or commercial transactions. Any
contract, as long as the parties fulfill their respective promises

PART – B

1. EXPLAIN INTERNET ENVIRONMENT

A worldwide system of interconnected computer networks. The origins of the
Internet can be traced to the creation of ARPANET (Advanced Research Projects
Agency Network) as a network of computers under the auspices of the U.S.
Department of Defense in 1969. Today, the Internet connects millions of computers
around the world in a nonhierarchical manner unprecedented in the history of
communications. The Internet is a product of the convergence of media, computers,
and telecommunications. It is not merely a technological development but the product
of social and political processes, involving both the academic world and the
government (the Department of Defense). From its origins in a nonindustrial,
noncorporate environment and in a purely scientific culture, it has quickly diffused
into the world of commerce.

The Internet is a combination of several media technologies and an electronic
version of newspapers, magazines, books, catalogs, bulletin boards, and much more.
This versatility gives the Internet its power.

Technological features

The Internet's technological success depends on its principal communication
tools, the Transmission Control Protocol (TCP) and the Internet Protocol (IP). They are
referred to frequently as TCP/IP. A protocol is an agreed-upon set of conventions that
defines the rules of communication. TCP breaks down and reassembles packets,
whereas IP is responsible for ensuring that the packets are sent to the right
destination.

Data travels across the Internet through several levels of networks until it
reaches its destination. E-mail messages arrive at the mail server (similar to the local
post office) from a remote personal computer connected by a modem, or a node on a
local-area network. From the server, the messages pass through a router, a special-
purpose computer ensuring that each message is sent to its correct destination. A
message may pass through several networks to reach its destination. Each network
has its own router that determines how best to move the message closer to its
destination, taking into account the traffic on the network. A message passes from
one network to the next, until it arrives at the destination network, from where it can
be sent to the recipient, who has a mailbox on that network.

TCP/IP

TCP/IP is a set of protocols developed to allow cooperating computers to share
resources across the networks. TCP/IP establishes the standards and rules by
which messages are sent through the networks. The most important traditional TCP/IP
services are file transfer, remote login, and mail transfer.

The file transfer protocol (FTP) allows a user on any computer to get files from
another computer, or to send files to another computer. Security is handled by
requiring the user to specify a user name and password for the other computer.

The network terminal protocol (TELNET) allows a user to log in on any other
computer on the network. The user starts a remote session by specifying a computer
to connect to. From that time until the end of the session, anything the user types is
sent to the other computer.

Mail transfer allows a user to send messages to users on other computers.
Originally, people tended to use only one or two specific computers. They would
maintain “mail files” on those machines. The computer mail system is simply a way
for a user to add a message to another user's mail file.

Other services have also become important: resource sharing, diskless
workstations, computer conferencing, transaction processing, security, multimedia
access, and directory services.

TCP is responsible for breaking up the message into datagrams, reassembling
the datagrams at the other end, resending anything that gets lost, and putting things
back in the right order. IP is responsible for routing individual datagrams. The
datagrams are individually identified by a unique sequence number to facilitate
reassembly in the correct order. The whole process of transmission is done through
the use of routers. Routing is the process by which two communication stations find
and use the optimum path across any network of any complexity. Routers must
support fragmentation, the ability to subdivide received information into smaller units
where this is required to match the underlying network technology. Routers operate
by recognizing that a particular network number relates to a specific area within the
interconnected networks. They keep track of the numbers throughout the entire
process.
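
The splitting, resending and in-order reassembly described above can be traced in a short Python sketch. It is an added example, not part of the original study material: the 8-byte segment size, the `Receiver` class, the `transfer` function and the simulated lossy channel are constructed for illustration, and real TCP adds handshakes, checksums, windows and timers.

```python
import random
from dataclasses import dataclass

MSS = 8  # constructed segment size in bytes; real TCP segments are far larger


@dataclass(frozen=True)
class Segment:
    seq: int        # byte offset of the first payload byte in the stream
    payload: bytes


def segment(message, mss=MSS):
    """Break a message into numbered segments (the sender side)."""
    return [Segment(off, message[off:off + mss])
            for off in range(0, len(message), mss)]


class Receiver:
    """Reassembles segments in sequence order, whatever order they arrive in."""

    def __init__(self):
        self.buffer = {}             # seq -> payload for out-of-order arrivals
        self.next_seq = 0            # next byte offset expected in order
        self.delivered = bytearray()

    def receive(self, seg):
        # Segments below next_seq are duplicates of delivered data: ignore them.
        if seg.seq >= self.next_seq:
            self.buffer.setdefault(seg.seq, seg.payload)
        # Deliver every buffered segment that is now contiguous.
        while self.next_seq in self.buffer:
            data = self.buffer.pop(self.next_seq)
            self.delivered += data
            self.next_seq += len(data)
        return self.next_seq         # cumulative acknowledgement


def transfer(message, loss_rate=0.3, seed=1):
    """Send a message over a channel that reorders and drops segments.

    Returns (received bytes, segments sent, send rounds).
    """
    rng = random.Random(seed)
    segs = segment(message)
    rx = Receiver()
    pending = list(segs)
    sent = rounds = 0
    while pending:
        rounds += 1
        rng.shuffle(pending)                 # the network may reorder
        for seg in pending:
            sent += 1
            if rng.random() < loss_rate:     # the network may drop
                continue
            rx.receive(seg)
        # Resend everything at or beyond the cumulative acknowledgement.
        pending = [s for s in segs if s.seq >= rx.next_seq]
    return bytes(rx.delivered), sent, rounds


if __name__ == "__main__":
    msg = b"Order #1001: 2 books, ship to Chennai"   # constructed sample message
    data, sent, rounds = transfer(msg)
    print(data == msg, len(segment(msg)), sent, rounds)
```
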

Domain Name System

The addressing system on the Internet generates IP addresses, which are
usually indicated by numbers such as 128.201.86.290. Since such numbers are
difficult to remember, a user-friendly system has been created known as the Domain
Name System (DNS). This system provides the mnemonic equivalent of a numeric IP
address and further ensures that every site on the Internet has a unique address. For
example, an Internet address might appear as crito.uci.edu. If this address is accessed
through a Web browser, it is referred to as a URL (Uniform Resource Locator), and the
full URL will appear as http://www.crito.uci.edu.

The Domain Name System divides the Internet into a series of component
networks called domains that enable e-mail (and other files) to be sent across the
entire Internet. Each site attached to the Internet belongs to one of the domains.
Universities, for example, belong to the “edu” domain. Other domains are gov
(government), com (commercial organizations), mil (military), net (network service
providers), and org (nonprofit organizations).

World Wide Web

The World Wide Web (WWW) is based on technology called hypertext. The Web
may be thought of as a very large subset of the Internet, consisting of hypertext and
hypermedia documents. A hypertext document is a document that has a reference (or
link) to another hypertext document, which may be on the same computer or in a
different computer that may be located anywhere in the world. Hypermedia is a
similar concept except that it provides links to graphic, sound, and video files in
addition to text files.

In order for the Web to work, every client must be able to display every
document from any server. This is accomplished by imposing a set of standards
known as a protocol to govern the way that data are transmitted across the Web.
Thus data travel from client to server and back through a protocol known as the
HyperText Transfer Protocol (http). In order to access the documents that are
transmitted through this protocol, a special program known as a browser is required,
which browses the Web.

Commerce on the Internet

Commerce on the Internet is known by a few other names, such as e-business,
e-tailing (electronic retailing), and e-commerce. The strengths of e-business depend on
the strengths of the Internet. Internet commerce is divided into two major segments,
business-to-business (B2B) and business-to-consumer (B2C). In each are some
companies that have started their businesses on the Internet, and others that have
existed previously and are now transitioning into the Internet world. Some products
and services, such as books, compact disks (CDs), computer software, and airline
tickets, seem to be particularly suited for online business.

World Wide Web

A major service on the Internet. The World Wide Web is made up of "Web servers"
that store and disseminate "Web pages," which are "rich" documents that contain
text, graphics, animations and videos, to anyone with an Internet connection.

The heart of the Web technology is the hyperlink, which connects each
document to each other by its "URL" address, whether locally or in another country.
"Click here" caused the Web to explode in the mid-1990s, turning the Internet into the
largest shopping mall and information source in the world. It also enabled the concept
of a "global server" that provides a source for all applications and data.

The Browser

Web pages are accessed by the user via a Web browser application such as
Internet Explorer, Netscape, Safari, Opera and Firefox. The browser renders the pages
on screen, executes embedded scripts and automatically invokes additional software
as needed. For example, animations and special effects are provided by browser plug-
ins, and audio and video are played by media player software that either comes with
the operating system or from a third party.

HTML Is the Format

A Web page is a text document embedded with HTML tags that define how the
text is rendered on screen. Web pages can be created with any text editor or word
processor. They are also created in HTML authoring programs that provide a graphical
interface for designing the layout. Authoring programs generate the HTML tags behind
the scenes, but the tags can be edited if required. Many applications export
documents directly to HTML, thus basic Web pages can be created in numerous ways
without HTML coding. The ease of page creation helped fuel the Web's growth.

A collection of Web pages makes up a Web site. Very large organizations deploy
their Web sites on in-house servers or on their own servers co-located in a third-party
facility that provides power and Internet access. Small to medium sites are generally
hosted by Internet service providers (ISPs). Millions of people have developed their
own mini Web sites as ISPs typically host a small number of personal Web pages at no
extra cost to individual customers.

The Intranet

The public Web spawned the private "intranet," an in-house Web site for
employees. It is protected by a firewall that lets employees access the Internet
while restricting uninvited users from coming in and viewing internal information.
There is no difference between intranet and Web architectures; the distinction has
only to do with who has access.

HTTP Can Deliver Anything

HTML pages are transmitted to the user via the HTTP protocol. A Web server
stores HTML pages for a Web site, but it can also be a storehouse for any kind of file
delivered to a client application via HTTP. For example, the Windows version of this
Encyclopedia is available as an HTTP application. The text and images are hosted on
The Computer Language Company's Web server and delivered to the Windows client
in the user's PC. The Windows client is an HTTP-enabled version of the popular
interface first introduced in 1996 for stand-alone PCs and client/server LANs.

Where It Came From - Where It's Going

The World Wide Web was developed at the European Organization for Nuclear
Research (CERN) in Geneva from a proposal by Tim Berners-Lee in 1989. It was
created to share research information on nuclear physics. In 1991, the first command
line browser was introduced. By the start of 1993, there were 50 Web servers, and the
Viola X Window browser provided the first graphical capability. In that same year,
CERN introduced its Macintosh browser, and the National Center for Supercomputing
Applications (NCSA) in Chicago introduced the X Window version of Mosaic. Mosaic
was developed by Marc Andreessen, who later became world famous as a principal at
Netscape.

By 1994, there were approximately 500 Web sites, and, by the start of 1995,
nearly 10,000. By the turn of the century, there were more than 30 million registered
domain names. Many believe the Web signified the real beginning of the information
age. However, those people who still use analog dial-up modems consider it the
"World Wide Wait."

Everyone has some interest in the Web. ISPs, cable and telephone companies
want to give you connectivity. Webmasters want more visitors. IT managers want
more security. The publishing industry wants to preserve its copyrights. Hardware and
software vendors want to make every product Web accessible. Nothing in the
computer/communications field ever came onto the scene with such intensity. Even
with the dot-com crash of 2000/2001, the future of the Web is going to be very
exciting. Stay tuned!

2. Explain Ecommerce: Online vs "Traditional" Commerce

Expectations Are Learned Offline



Users come to online commerce with some key experiential understandings of
the characteristics of traditional commerce.

Identity. Customers can easily authenticate the identity of a merchant simply by
walking into a bricks-and-mortar store. Stores can be members of a community and
neighborhood; they can be part of customers' daily experience. There is a
concreteness about a physical store that no amount of HTML will ever match.

Immediacy. Customers can touch and feel and hold the merchandise. Tactile cues
can drive the decision to buy. A transaction that is face-to-face is usually unmediated:
your communication with the merchant is not in the hands of a third party or
technology (as with ordering by phone).

Value. The item at the center of the commerce transaction -- the product, service, or
property that is to be sold/bought -- has some kind of value. Its price is determined
and validated through the performance of the transaction. The seller agrees to a
selling price, and the buyer agrees to a buying price. The value of an item, especially
the relative value an item has for the buyer, is much easier to appraise if that item is
close at hand.

Discourse. Customers can converse with the merchant face-to-face; unmediated
conversation is basic to human communication. People want the feedback available
from non-verbal behavior, which forms a large part of our judgment process.

Community. Customers can interact with other customers and gain feedback about
the merchant from other customers, as well as by observing the merchant interacting
with other customers.

Privacy. Customers can make purchases anonymously with cash; they usually don't
have to give their name or address. They don't usually have to worry about what a
store will do with their personal information, although this is becoming more of an
issue with various recent attempts by lawyers to access private sales and rental
records. Privacy is often a measure of how much of his or her identity a buyer wants
to invest in a transaction; sometimes, we just want to quietly make our purchase and
leave with it.

An online commerce customer faces mediation in every element and at every
stage of the commerce transaction. Customers can't see the merchant, only the
merchant's website; they can't touch the merchandise, they can only see a
representation; they can't wander a store and speak with employees, they can only
browse HTML pages, read FAQs, and fire off email to nameless customer service
mailboxes; they can't explore the store's shelves and product space, they can only
search a digital catalog. A customer at an online commerce site lacks the concrete
cues to comfortably assess the trustworthiness of the site, and so must rely on new
kinds of cues. The problem for the online customer is that the web is new -- to a large
sector of the online audience -- and online commerce seems like a step into an
unknown experience.

3. Different Kinds of "Traditional" Commerce Models.

Not every commerce transaction is identical, and not every transaction is the
same type of transaction. In my experience, I have dealt with roughly five types of
commerce transaction offline (this is not an attempt at a taxonomy of commerce
transactions, just my common-sense exploration of my own experience):

Retail store

This is by far the most common commerce experience in American culture: you
walk into a store that is stocked with merchandise for immediate sale -- bookstores,
grocery stores, hardware stores -- and find what you want, then purchase it. You leave
the store with the product, assuming immediate ownership.

Retail special order

When a retail store doesn't stock the product you want, or is currently out of
stock, you often have the option of special ordering the product. If a bookstore doesn't
carry a small press book title that you want, and the title is in print, you can usually
special order the title from the store; the store locates the product, buys it, then
resells it to you. Delayed gratification, but you have the advantage of dealing with a
merchant face-to-face. I would consider rain checks in this same category.

Catalogue store

Smaller towns sometimes have catalogue stores, where a large merchant
doesn't see a local demand to keep a store stocked with merchandise, so they instead
provide a storefront where people can come in and look at catalogues, and order from
a company representative. Sears is a company that operates catalogue stores (or at
least they used to), and Service Merchandise functions as a catalogue store for much
of their "stock".

Phone order from a catalogue

Mail order catalogues, with their operators standing by, have been around
longer than the internet. While you can't touch and feel the merchandise prior to
ordering, you can at least speak with a live person when placing the order; I've had
some excellent shopping experiences with mail order catalog customer service reps.

Bargaining

I find this the strangest form of commerce transaction; I simply am not used to
bargaining... just give me a price, and I'll decide whether or not to pay it. The United
States is not a country with a vibrant bargaining culture, but if you travel
internationally you will encounter cultures that thrive on bargaining. In the U.S.,
buying an automobile or shopping at collectors conventions is often a bargaining
experience.

While these may be different types of commerce transactions, they are all
clearly related. They share elements like the roles involved (seller and buyer), steps in
the transactions (price must be agreed upon, money must change hands), and
underlying concepts (the value of this merchandise to me, do I know this merchant?).
Ultimately, these different transactions differ only slightly on some few elements, with
the bulk of the transaction adhering to the internal models that we have built for what
commerce is like.

In fact, based on our experience, we build frameworks to describe these
transactions, with steps and meaningful elements, and we use these frameworks to
understand every new commerce transaction in which we engage. These frameworks
are called schemas, and we use these schemas to make sense of ecommerce web
sites when we take our shopping online.

4. Explain E-commerce advantages and disadvantages :

E-commerce provides many new ways for businesses and consumers to
communicate and conduct business. There are a number of advantages and
disadvantages of conducting business in this manner.

E-commerce advantages

Some advantages that can be achieved from e-commerce include:

a. Being able to conduct business 24 x 7 x 365.

E-commerce systems can operate all day every day. Your physical storefront
does not need to be open in order for customers and suppliers to be doing business
with you electronically.

b. Access the global marketplace.

The Internet spans the world, and it is possible to do business with any business
or person who is connected to the Internet. Simple local businesses such as specialist
record stores are able to market and sell their offerings internationally using
e-commerce. This global opportunity is assisted by the fact that, unlike traditional
communications methods, users are not charged according to the distance over which
they are communicating.

c. Speed.

Electronic communications allow messages to traverse the world almost
instantaneously. There is no need to wait weeks for a catalogue to arrive by post: that
communications delay is not a part of the Internet / e-commerce world.

d. Marketspace.

The market in which web-based businesses operate is the global market. It may
not be evident to them, but many businesses are already facing international
competition from web-enabled businesses.

e. Opportunity to reduce costs.

The Internet makes it very easy to 'shop around' for products and services that
may be cheaper or more effective than we might otherwise settle for. Through some
online research, it is sometimes possible to identify original manufacturers for some
goods, thereby bypassing wholesalers and achieving a cheaper price.

f. Computer platform-independent.

'Many, if not most, computers have the ability to communicate via the Internet
independent of operating systems and hardware. Customers are not limited by
existing hardware systems' (Gascoyne & Ozcubukcu, 1997:87).

g. Efficient applications development environment.

'In many respects, applications can be more efficiently developed and
distributed because they can be built without regard to the customer's or the business
partner's technology platform. Application updates do not have to be manually
installed on computers. Rather, Internet-related technologies provide this capability
inherently through automatic deployment of software updates' (Gascoyne &
Ozcubukcu, 1997:87).

h. Allowing customer self service and 'customer outsourcing'.

People can interact with businesses at any hour of the day that it is convenient
to them, and because these interactions are initiated by customers, the customers
also provide a lot of the data for the transaction that may otherwise need to be
entered by business staff. This means that some of the work and costs are effectively
shifted to customers; this is referred to as 'customer outsourcing'.

i. Stepping beyond borders to a global view.

Using aspects of e-commerce technology can mean your business can source
and use products and services provided by other businesses in other countries. This
seems obvious enough to say, but people do not always consider the implications of
e-commerce. For example, in many ways it can be easier and cheaper to host and
operate some e-commerce activities outside Australia. Further, because many
e-commerce transactions involve credit cards, many businesses in Australia need to
make arrangements for accepting online payments. However, a number of major
Australian banks have tended to be unhelpful laggards on this front, charging a lot of
money and making it difficult to establish these arrangements - particularly for
smaller businesses and/or businesses that don't fit into a traditional-economy
understanding of business. In some cases, therefore, it can be easier and cheaper to
set up arrangements which bypass this aspect of the Australian banking system.
Admittedly, this can create some grey areas for legal and taxation purposes, but
these can be dealt with. And yes, these circumstances do have implications for
Australia's national competitiveness and the competitiveness of our industries and
businesses.

6. Explain E-commerce disadvantages and constraints.

Some disadvantages and constraints of e-commerce include the following.

a. Time for delivery of physical products.

It is possible to visit a local music store and walk out with a compact disc, or a
bookstore and leave with a book. E-commerce is often used to buy goods that are not
available locally from businesses all over the world, meaning that physical goods need
to be delivered, which takes time and costs money. In some cases there are ways
around this, for example, with electronic files of the music or books being accessed
across the Internet, but then these are not physical goods.

b. Physical product, supplier & delivery uncertainty.

When you walk out of a shop with an item, it's yours. You have it; you know
what it is, where it is and how it looks. In some respects e-commerce purchases are
made on trust. This is because, firstly, not having had physical access to the product,
a purchase is made on an expectation of what that product is and its condition.
Secondly, because supplying businesses can be conducted across the world, it can be
uncertain whether or not they are legitimate businesses and are not just going to take
your money. It's pretty hard to knock on their door to complain or seek legal recourse!
Thirdly, even if the item is sent, it is easy to start wondering whether or not it will ever
arrive.

c. Perishable goods.

Forget about ordering a single gelato ice cream from a shop in Rome! Though
specialised or refrigerated transport can be used, goods bought and sold via the
Internet tend to be durable and non-perishable: they need to survive the trip from the
supplier to the purchasing business or consumer. This shifts the bias for perishable
and/or non-durable goods back towards traditional supply chain arrangements, or
towards relatively more local e-commerce-based purchases, sales and distribution. In
contrast, durable goods can be traded from almost anyone to almost anyone else,
sparking competition for lower prices. In some cases this leads to disintermediation in
which intermediary people and businesses are bypassed by consumers and by other
businesses that are seeking to purchase more directly from manufacturers.

d. Limited and selected sensory information.

The Internet is an effective conduit for visual and auditory information: seeing
pictures, hearing sounds and reading text. However, it does not allow full scope for our
senses: we can see pictures of the flowers, but not smell their fragrance; we can see
pictures of a hammer, but not feel its weight or balance. Further, when we pick up and
inspect something, we choose what we look at and how we look at it. This is not the
case on the Internet. If we were looking at buying a car on the Internet, we would see
the pictures the seller had chosen for us to see but not the things we might look for if
we were able to see it in person. And, taking into account our other senses, we can't
test the car to hear the sound of the engine as it changes gears or sense the smell
and feel of the leather seats. There are many ways in which the Internet does not
convey the richness of experiences of the world. This lack of sensory information
means that people are often much more comfortable buying via the Internet generic
goods - things that they have seen or experienced before and about which there is
little ambiguity, rather than unique or complex things.

e. Returning goods.

Returning goods online can be an area of difficulty. The uncertainties
surrounding the initial payment and delivery of goods can be exacerbated in this
process. Will the goods get back to their source? Who pays for the return postage?
Will the refund be paid? Will I be left with nothing? How long will it take? Contrast this
with the offline experience of returning goods to a shop.

f. Privacy, security, payment, identity, contract.

Many issues arise - privacy of information, security of that information and
payment details, whether or not payment details (e.g. credit card details) will be
misused, identity theft, contract, and, whether we have one or not, what laws and
legal jurisdiction apply.

g. Defined services & the unexpected.

E-commerce is an effective means for managing the transaction of known and
established services, that is, things that are everyday. It is not suitable for dealing
with the new or unexpected. For example, a transport company used to dealing with
simple packages being asked if it can transport a hippopotamus, or a customer asking
for a book order to be wrapped in blue and white polka dot paper with a bow. Such
requests need human intervention to investigate and resolve.

h. Personal service.

Although some human interaction can be facilitated via the web, e-commerce
cannot provide the richness of interaction provided by personal service. For most
businesses, e-commerce methods provide the equivalent of an information-rich
counter attendant rather than a salesperson. This also means that feedback about
how people react to product and service offerings also tends to be more granular or
perhaps lost using e-commerce approaches. If your only feedback is that people are
(or are not) buying your products or services online, this is inadequate for evaluating
how to change or improve your e-commerce strategies and/or product and service
offerings. Successful business use of e-commerce typically involves strategies for
gaining and applying customer feedback. This helps businesses to understand,
anticipate and meet changing online customer needs and preferences, which is
critical because of the comparatively rapid rate of ongoing Internet-based change.

i. Size and number of transactions.

E-commerce is most often conducted using credit card facilities for payments,
and as a result very small and very large transactions tend not to be conducted
online. The size of transactions is also impacted by the economics of transporting
physical goods. For example, any benefits or conveniences of buying a box of pens
online from a US-based business tend to be eclipsed by the cost of having to pay for
them to be delivered to you in Australia. The delivery costs also mean that buying
individual items from a range of different overseas businesses is significantly more
expensive than buying all of the goods from one overseas business because the
goods can be packaged and shipped together.

Internet Advantages:

a. 24 hours a day - 7 days a week - 365 days per year

Even if no staff were to be in your office, visitors will come to your website. The
website NEVER closes.

b. Structural

An advertisement in a newspaper is worthless the day (perhaps two days) after.
Participation at a fair or conference doesn't reach anybody, once it is over. Apart from
things like dates and prices, much of your website content will still be valid years after
you've done the work to have it there.

c. Measurable

You can measure anything: how many people saw your advertisement banners,
how many clicked on them, how many asked for information or a price quote and how many
sales resulted from that campaign. You can measure how many people came to
your website through certain key words in a search engine and calculate the profits
per 1,000 visitors on THAT specific keyword. How many pages did people look at?
What section of my content is more popular? What is the "normal route"? What is the
most frequent "exit page" (from where they leave your site)? How many visitors are
NEW to the site and how many are repeat visits?

d. Interactive

Visitors can do a test, they can get an automatic price-quote through a form,
they can participate in a forum, ask a question through different feedback systems
(including online).

e. Community building

Invite people to contribute things themselves: evaluations of the product/service,
tips for other users; use newsletters.

f. Low cost

Just compare the costs of sending out a physical mailing to 25,000 addresses
with the costs of an e-mailing to 250,000 e-mail addresses.

g. Reproduction at "zero cost"

Whether 1,000 visitors come to your site or 25,000, the increased cost is
marginal. Compare that with printing more brochures, producing more videos or using
a call centre for another 2,000 calls.

h. Saves time (counselling on product and service information / administration)

Visitors can access "frequently asked questions" to help themselves, which
saves you time. People can BUY online, without any member of staff having been
involved.

i. Allows for new business models (CPM, PPC, PPL, affiliate)

Pay for every time someone SEES your advertisement, or only when they CLICK
on your banner advertisement, or even only when they fill out a form that identifies
them and makes them approachable, OR even ONLY pay when you actually get a
SALE from another website.

j. Low "hassle" environment

Apart from "pop-ups and pop-unders", many possible clients will find it "safer" to
look around on a website anonymously, rather than asking a question of a real-life
person.

7. Explain Commercial Transactions and Electronic Transactions?

Understanding the ways in which commercial transactions take place online,
across the Internet, requires understanding the way in which any commercial
transaction takes place. There will be differences between different types of
transactions. Although the way a large corporation buys raw materials in bulk from its
supplier is different from the way the schoolchild buys candy at the corner drugstore,
both transactions share certain characteristics.

Let us examine some of the issues involved in electronic commerce by taking a
look at what happens in the course of any commercial transaction. We will focus on
the issues involved in simple retail transactions, since virtually everyone is familiar
and comfortable with this type of transaction.

1. Establishing Trust
2. Negotiating a Deal
3. Payment and Settlement
4. Payment Vehicles and Currencies
5. Products and Delivery

Electronic Transactions:

When considering online commerce, it is important to maintain a perspective
and define a context. Broadcasting networks, particularly television networks, have a
long history of being used to market products, although viewers cannot use that same
medium to place orders. With widespread use of credit cards, consumers and
merchants have been happily transacting business over the telephone networks for
many years. Highly sensitive banking transactions have been routinely processed
through ATM networks since the late 1970s.

Once participants in the electronic marketplace understand the mechanisms set
up for transacting business across the Internet, buying and selling online will be at
least as simple and trusted a method as buying by phone or in person.

8. With a neat sketch explain the Electronic Commerce industry framework?

Introduction
Electronic commerce is the ability to perform transactions involving the exchange
of goods or services between two or more parties using electronic tools and
techniques. Long employed by large businesses and financial service organizations,
several factors are now converging to bring electronic commerce to a new level of
utility and viability for small businesses and individuals -- thereby promising to make
it part of everyday life.

These enabling factors include improved broader competitive access to
networks, and the reduced cost and increased user-friendliness of both
general-purpose computers and specialized devices. The rapid growth of primarily the Internet
and other on-line services, convenient point-of-sale payment systems, and automated
teller machines all set the stage for broad-scale electronic commerce. Further, with
relentless pressures of competition at all levels of the economy, the efficiencies
offered by electronic commerce are becoming hard to ignore.

This white paper discusses primarily technical issues that, if properly addressed,
can guide the evolution of electronic commerce. However, it is recognized that
numerous complex social, legal and regulatory issues of equal importance must also
be addressed if the potential of electronic commerce is to be realized. These include
finding acceptable methods for authentication and protection of information,
accommodating the special needs of law enforcement and international transactions,
and creating the requisite means, technological and otherwise, of settling disputes.
We point them out here specifically to emphasize their importance, but do not treat
them at length in this paper. The remainder of the paper answers the following
questions about electronic commerce:

Section 2 describes the advantages of electronic versus paper-based commerce
and discusses several shortcomings of present electronic commerce systems. It then
describes the kinds of progress that will need to be made to overcome these
deficiencies and create an electronic commerce infrastructure. Section 3 describes
the actual requirements of electronic commerce in terms of (1) the framework that
must be in place, (2) the activities and functions that must be supported, and (3) the
building blocks required to support these activities and functions. Section 4 presents
an architecture and model for electronic commerce. Section 5 draws implications for
future technical needs and for electronic commerce.

Types of information providers

Traditionally, in the physical world, we distinguish between three different types of
information-driven companies: those that create content (e.g. TV production), those
that define the form or format (e.g. recording studio) and finally those that provide the
distribution medium (e.g. TV broadcasting station and cable operators). Companies
that are targeting vertical markets need access in all three areas (see red, dashed
circle, fig 1).

EC functions

The following ten functions must be provided in order for EC to occur; in essence, they
are the enablers of EC:

• Standards setting body
• WAN service provider
• Hosting service (i.e. data center)
• Software developer (ISV or VAR)
• Certification authority
• Publisher/Aggregator (presence provider)
• Copyright broker
• Metering authority
• Auditing authority
• Information consumer

The provision of the above ten EC functions does not necessitate the involvement
of an equivalent number of parties; many of these will be carried out by the same
provider. For example, the Hosting Service can be the same organization as the
Publisher/Aggregator.

9. Definition of E-commerce and Introduction of E-commerce.

Electronic commerce, commonly known as e-commerce or eCommerce, consists
of the buying and selling of products or services over electronic systems such as the
Internet and other computer networks. The amount of trade conducted electronically
has grown dramatically since the wide introduction of the Internet. A wide variety of
commerce is conducted in this way, including things such as electronic funds transfer,
supply chain management, e-marketing, online marketing, online transaction
processing, electronic data interchange (EDI), automated inventory management
systems, and automated data collection systems. Modern electronic commerce
typically uses the World Wide Web at least at some point in the transaction's lifecycle,
although it can encompass a wide range of technologies such as e-mail as well.

Introduction of E-commerce.

A small percentage of electronic commerce is conducted entirely electronically
for "virtual" items such as access to premium content on a website, but most
electronic commerce eventually involves physical items and their transportation in at
least some way.

10. Explain History of E-commerce and the Internet?

The meaning of the term "electronic commerce" has changed over the last 30
years. Originally, "electronic commerce" meant the facilitation of commercial
transactions electronically, usually using technology like Electronic Data Interchange
(EDI) and Electronic Funds Transfer (EFT), where both were introduced in the late
1970s, for example, to send commercial documents like purchase orders or invoices
electronically.

The 'electronic' or 'e' in e-commerce refers to the technology/systems; the
'commerce' refers to traditional business models. E-commerce is the complete set
of processes that support commercial business activities on a network. In the 1970s
and 1980s, this would also have involved information analysis. The growth and
acceptance of credit cards, automated teller machines (ATM) and telephone banking
in the 1980s were also forms of e-commerce. However, from the 1990s onwards, this
would include enterprise resource planning systems (ERP), data mining and data
warehousing.

In the dot com era, it came to include activities more precisely termed "Web
commerce" -- the purchase of goods and services over the World Wide Web, usually
with secure connections (HTTPS, a special server protocol that encrypts confidential
ordering data for customer protection) with e-shopping carts and with electronic
payment services, like credit card payment authorizations.

Today, it encompasses a very wide range of business activities and processes,
from e-banking to offshore manufacturing to e-logistics. The ever growing
dependence of modern industries on electronically enabled business processes gave
impetus to the growth and development of supporting systems, including backend
systems, applications and middleware. Examples are broadband and fibre-optic
networks, supply-chain management software, customer relationship management
software, inventory control systems and financial accounting software.

When the Web first became well-known among the general public in 1994,
many journalists and pundits forecast that e-commerce would soon become a major
economic sector. However, it took about four years for security protocols (like HTTPS)
to become sufficiently developed and widely deployed. Subsequently, between 1998
and 2000, a substantial number of businesses in the United States and Western
Europe developed rudimentary web sites.

Although a large number of "pure e-commerce" companies disappeared during
the dot-com collapse in 2000 and 2001, many "brick-and-mortar" retailers recognized
that such companies had identified valuable niche markets and began to add
e-commerce capabilities to their Web sites. For example, after the collapse of online
grocer Webvan, two traditional supermarket chains, Albertsons and Safeway, both
started e-commerce subsidiaries through which consumers could order groceries
online.

The emergence of e-commerce also significantly lowered barriers to entry in the
selling of many types of goods; accordingly many small home-based proprietors are
able to use the internet to sell goods. Often, small sellers use online auction sites such
as eBay, or sell via large corporate websites like Amazon.com, in order to take
advantage of the exposure and setup convenience of such sites.

Internet:

The Internet is a collection of wires, protocols and hardware that allows the
electronic transmission of data over TCP/IP. The Internet forms a global network of
computers that can share data and programs. The computers are connected through a
series of LANs and WANs and transfer data through the communication rules set forth by
TCP/IP.

Four Components to use the Internet in an easy manner:

1. DNS (Domain Name System)
2. Packet switching, routing
3. TCP
4. IP Address

TCP -> software that ensures the safe and reliable transfer of the data.
IP -> software that sets the rules for data transfer over a network.

11. Define WWW and Advantages of E-Commerce?

• Tim Berners-Lee first called it the WWW in 1990.
• The Web consists of three moving parts:
  1. Web pages
  2. Links
  3. Servers
• Web content types:
  • Links
  • Forms
  • Images (GIF, JPEG)
  • Multimedia
• Web browsers:
  • All web pages are viewed through programs called web browsers.
  • Small in size and simple.
• How a web browser works:
  • Using the URL: the URL tells the browser several things about how to access the desired content.
  • Example: http://www.mcompany.com/home.html
• The URL explains:
  • http -> protocol used
  • www.mcompany.com -> server
  • home.html -> file residing on the server called www.mcompany.com (location of the file)

Advantages of E-Commerce:

• New marketing time opportunities.
• Electronic bill presentment and payment services
• Related products and cross selling
• Featured product listing
• Coupon codes, gift certificates
• Inventory control
• Backorders allowed
• Quantity discounts
• Wholesale pricing capability
• On Screen shopping list
• Import existing data
• Single or batch picture uploads
• No plug-ins / programming
• Web based administration
• Complete store front system


UNIT – II
(SECURITY TECHNOLOGIES)
PART – A

1. What is a secured web server?

A computer that delivers (serves up) Web pages. Every Web server has an IP
address and possibly a domain name. For example, if you enter the URL
http://www.pcwebopedia.com/index.html in your browser, this sends a request to the
server whose domain name is pcwebopedia.com. The server then fetches the page
named index.html and sends it to your browser.

2. What is a packet switched network?

A network that does not establish a dedicated path through the network for
the duration of a session, opting instead to transmit data in units called packets
in a connectionless manner. Data streams are broken into packets at the front
end of a transmission, sent over the best available network connection, and
then reassembled in their original order at the destination endpoint.

3. What is a software agent?

In computer science, a software agent is a piece of software that acts for a user
or other program in a relationship of agency.

4. Define DNS.

Short for Domain Name System (or Service or Server), an Internet service that
translates domain names into IP addresses. Because domain names are alphabetic,
they're easier to remember. The Internet, however, is really based on IP addresses.
Every time you use a domain name, therefore, a DNS service must translate the name
into the corresponding IP address. For example, the domain name www.example.com
might translate to 198.105.232.4.

5. What is the need for intelligent agents?

The concept of an agent has become important in both Artificial Intelligence (AI)
and mainstream computer science. Our aim in this paper is to point the reader at
what we perceive to be the most important theoretical and practical issues associated
with the design and construction of intelligent agents.

6. What is a markup language?

Markup language is a set of codes or tags that surrounds content and tells a
person or program what that content is (its structure) and/or what it should look like
(its format). Markup tags have a distinct syntax that sets them apart from the content
that they surround.

7. What is a Digital Signature?

In cryptography, a digital signature or digital signature scheme is a type of
asymmetric cryptography used to simulate the security properties of a signature in
digital, rather than written, form. Digital signature schemes normally give two
algorithms, one for signing which involves the user's secret or private key, and one for
verifying signatures which involves the user's public key. The output of the signature
process is called the "digital signature."

8. What are the Security Concerns?

a. Confidentiality
b. Authenticity
c. Integrity

9. What are the risks?

Some serious risks arise when you transmit data across the Internet:

a. Interception by third party
b. Forgery
c. Modification

PART – B


1. Explain Internet?

The Internet is a collection of wires, protocols and hardware that allows the
electronic transmission of data over TCP/IP. The Internet forms a global network of
computers that can share data and programs. The computers are connected through a
series of LANs and WANs and transfer data through the communication rules set forth by
TCP/IP.

Four Components to use the Internet in an easy manner:

1. DNS (Domain Name System)
2. Packet switching, routing
3. TCP
4. IP Address

TCP -> software that ensures the safe and reliable transfer of the data.
IP -> software that sets the rules for data transfer over a network.

Why is the Internet insecure?

The Internet is an open medium; it is a universal medium. In any case, the
Internet is definitely an open network. Once data is transmitted beyond the organizational
network, it may be handled by any number of different intermediate
computers (called routers) which make sure the data is delivered to its intended
destination. Data is also likely to travel across Internet backbone networks, which
move vast quantities of data over large distances.

• It’s the protocols:

The primary protocol of the Internet is TCP/IP. It contains five layers:

Application Layer
Transport Layer
Internet Layer
Link Layer
Physical Layer

There is no weakness on the protocol side.

• Where the Risks Are?

The hacker who stole 20,000 credit card numbers did not exploit any weakness
in the internet protocols; he exploited the weakness in the security of the
computer where those numbers were stored.

• What the Risks Are?

Some serious risks arise when you transmit data across the Internet:

1. Interception by third party
2. Forgery
3. Modification

• A Bigger Risk

1. Password

Rules for the password:

1. It should not be easy to guess.
2. It should not be written down near the computer from which it will be used.
3. It should not be given out to anyone.
4. An active session should not be left running on an unattended, unprotected system.
5. It should be changed periodically.

• Fighting Back

1. A firewall should be used between the Internet and our organization.

• What it all means

The bottom line is that the Internet is a public network, and anyone
concerned with transmission security needs to approach the Internet in the same way
one would approach communicating by any other public means. Internet
communications are functionally equivalent (at least as far as security goes) to
communicating in a public hall. Conversations between you and your neighbor can be
overheard by anyone who wants to eavesdrop; if you want to talk to someone at the
opposite end of the hall, you’ve got to rely on intermediaries to carry the message
between you.

Security Concerns:

1. Confidentiality
2. Authenticity
3. Integrity

2. Explain Cryptography?

Cryptography deals with the study of encryption and decryption.

• The objective of cryptography:
• Keep the information in a secret manner.
• Encryption: used to convert the plain text into cipher text
• Decryption: used to convert the cipher text into plain text
• Syntax:
• Basic Mechanism of cryptography:

Plaintext -> encrypt -> cipher text -> network -> cipher text -> decrypt -> plaintext

Here we are using keys to convert plain text into cipher text.

1. Symmetric key / Private key ---> the same key is shared between sender and
receiver (for encryption and decryption).

Sender (Plaintext) -> Encrypt (using private key) -> cipher text
| (across the network)
Cipher text -> Decrypt (using same key) -> (Plaintext) Receiver

2. Asymmetric key / Public key ---> two keys are used. One key is used for
encryption (public key) and one key is used for decryption (private key).

(A) Sender (Plaintext) -> Encrypt (using B’s public key) -> cipher text
| (across the network)
Cipher text -> Decrypt (using B’s private key) -> (Plaintext) Receiver (B)

Types of cipher text:

a. Transposition text.

Interchanging the positions of the characters in the text. Ex: GOD becomes ODG.

b. Substitution text.

Replacing each character of the original text with another character.

Ex: God is encrypted as hpe.

3. Explain Three Cryptographic Applications ?

a. Encryption
b. Digital Signature
c. Nonrepudiation and Message Integrity

Breaking Encryption Standard:

Even though we have several encryption methods, there are intruders who try to find
our encryption algorithm and cipher key size (secret key). So the key should be a
three-digit combination or more than three, because with a three-digit combination
there are 1000 possible settings of the secret key. So it is very hard to find the
secret key and very hard to break our encryption methods/secret key.

Therefore, we should set the secret key in multi-digit combinations.

Key Distribution and Certification

The preceding discussion about private and public key cryptography has avoided
the issue of how to manage key distribution. As with all the other aspects of
cryptography, there are well known problems pertaining to secure and reliable key
distribution. To illustrate, a simple scenario:

• Bob and Alice are two acquaintances who communicate by e-mail on occasion.
• Evil Robert, impersonating Bob, sends a forged piece of e-mail to Alice,
requesting a secure communication channel using public key encryption.
• Included in this forged message is Evil Robert’s public key (which he represents
as Bob’s public key).
• Alice receives the message and encrypts a reply using what she believes to be
Bob’s public key (but which is actually Evil Robert’s public key).
• Evil Robert receives the message, decrypts it with his own secret key, and is
able to communicate with Alice while pretending to be Bob.

Of course, this scenario can be easily defeated if Jones could somehow verify that the
public key matches the person who sends it.

Data Encryption Standard:

A widely-adopted implementation of secret-key cryptography is the Data Encryption
Standard (DES). The actual software to perform DES is readily available at no cost to
anyone who has access to the Internet. DES was introduced in 1975 by IBM, the
National Security Agency(NSA), and the National Bureau of Standards (NBS). DES has
been extensively researched and studied over the last twenty years and is definitely
the most well-known and widely used cryptosystem in the world.

DES is a secret-key, symmetric cryptosystem: when used for communication,
both sender and receiver must know the same secret key, which is used both to
encrypt and decrypt the message. DES can also be used for single user encryption, for
example, to store files on a hard disk in encrypted form. In a multiuser environment,
however, secure-key distribution becomes difficult; public-key cryptography,
discussed in the next subsection, was developed to solve this problem.

DES operates on 64-bit blocks with a 56-bit secret key. Designed for hardware
implementation, its operation is relatively fast and works well for large bulk
documents or encryption. Instead of defining just one encryption algorithm, DES
defines a whole family of them. With a few exceptions, a different algorithm is
generated for each secret key. This means that everybody can be told about the
algorithm and your message will still be secure. You just need to tell others your
secret key, a number less than 2^56. The number 2^56 is also large enough to make it
difficult to break the code using a brute force attack (trying to break the cipher by
using all possible keys).

DES has withstood the test of time. Despite the fact that its algorithm is well
known, it is impossible to break the cipher without using a tremendous amount of
computing power. A new technique for improving the security of DES is triple
encryption (Triple DES), that is, encrypting each message block using three different
keys in succession. Triple DES, thought to be equivalent to doubling the key size of
DES to 112 bits, should prevent decryption by a third party capable of single-key
exhaustive search (mh81). Of course, using triple encryption takes three times as
long as single-encryption DES. If you use DES three times on the same message with
different secret keys, it is virtually impossible to break it using existing algorithms.

Over the past few years several new, faster symmetric algorithms have been
developed, but DES remains the most frequently used.

4. Explain Trusted Key Distribution and Verification ?

With the wider application of public key cryptography for the purpose of commerce,
mechanisms for the trusted publication and distribution of public keys are necessary.
Simply having a merchant (or customer) send a copy of a public key will not do, since
a forger could send her own public key while pretending to be someone else.

One solution is for some (respected) organization to offer key publishing
services. Those who wish to can report their keys and their identities, and anyone else
can find a key by looking for a person’s name. To add further trust, people can have
other people certify their public keys. In other words, one person (or organization)
can vouch for another one by adding their own name and public key to the listing.
The greater the resulting “pedigree” of your public key, the greater the amount of trust
others can put in your digital signature.
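
The Bob / Alice / Evil Robert scenario under "Key Distribution and Certification" and the certified key listing described above, worked through as an added example (not part of the original study material). It uses textbook RSA with small constructed keys; the record layout and all function names are assumptions made for the illustration.

```python
# Added teaching example: textbook RSA with small constructed keys and no padding.
# It models the scenario only; it is not usable for protecting real data.
import hashlib


def make_keypair(p, q, e=65537):
    """Build (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (needs Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, text: bytes) -> int:
    n, e = public_key
    m = int.from_bytes(text, "big")
    if m >= n:
        raise ValueError("text too long for this toy key")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data: bytes) -> int:
    n, d = private_key
    return pow(_digest(data, n), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest(data, n)


def binding(name: str, public_key) -> bytes:
    """The statement a certifier vouches for: 'this key belongs to this name'."""
    n, e = public_key
    return f"{len(name)}:{name}:{n}:{e}".encode()


def certify(certifier_private, name, public_key):
    """Certifier signs the name/key binding (hypothetical record layout)."""
    return {"name": name, "key": public_key,
            "sig": sign(certifier_private, binding(name, public_key))}


def accept_key(certifier_public, claimed_name, cert) -> bool:
    """Alice's check before she uses a key that arrived by e-mail."""
    return (cert["name"] == claimed_name and
            verify(certifier_public, binding(cert["name"], cert["key"]), cert["sig"]))


# Constructed keys (Mersenne primes, picked only because they are easy to write).
CERTIFIER_PUB, CERTIFIER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
ROBERT_PUB, ROBERT_PRIV = make_keypair(2**31 - 1, 2**521 - 1)

BOB_CERT = certify(CERTIFIER_PRIV, "Bob", BOB_PUB)
ROBERT_CERT = certify(CERTIFIER_PRIV, "Evil Robert", ROBERT_PUB)

# Three ways Evil Robert might present his key as Bob's.
FORGERIES = {
    "own certificate, claimed as Bob's": ROBERT_CERT,
    "Bob's certificate with the key swapped": dict(BOB_CERT, key=ROBERT_PUB),
    "binding signed by Robert himself": {
        "name": "Bob", "key": ROBERT_PUB,
        "sig": sign(ROBERT_PRIV, binding("Bob", ROBERT_PUB))},
}


def reply_unchecked(offered_key, text: bytes) -> int:
    """The failure case: Alice encrypts to whatever key the e-mail carried."""
    return encrypt(offered_key, text)


def reply_checked(claimed_name, cert, text: bytes):
    """Alice encrypts only when the certifier vouches for the name/key pair."""
    if not accept_key(CERTIFIER_PUB, claimed_name, cert):
        return None
    return encrypt(cert["key"], text)


if __name__ == "__main__":
    leaked = reply_unchecked(ROBERT_PUB, b"meet at noon")
    print("unchecked reply, read by Robert:", decrypt(ROBERT_PRIV, leaked))
    for label, cert in FORGERIES.items():
        print(f"{label}: accepted={accept_key(CERTIFIER_PUB, 'Bob', cert)}")
    print("genuine certificate accepted:", accept_key(CERTIFIER_PUB, "Bob", BOB_CERT))
```

The check only moves the trust question: Alice must already hold the certifier's public key from a source she trusts.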

5. Explain FireWall ?

A firewall's basic task is to transfer traffic between computer networks of
different trust levels. Typical examples are the Internet which is a zone with no trust
and an internal network which is a zone of higher trust. A zone with an intermediate
trust level, situated between the Internet and a trusted internal network, is often
referred to as a "perimeter network".

A firewall is a hardware or software device which is configured to permit, deny,
or proxy data through a computer network which has different levels of trust.

FireWall Diagram

Advantages of Network Security:

1. Consult your system support personnel if you work from home
2. Use virus protection software
3. Use a firewall
4. Don’t open unknown email attachments
5. Don’t run programs of unknown origin
6. Disable hidden filename extensions
7. Keep all applications (including your operating system) patched
8. Turn off your computer or disconnect from the network when not in use
9. Disable Java, JavaScript, and ActiveX if possible
10. Disable scripting features in email programs
11. Make regular backups of critical data
12. Make a boot disk in case your computer is damaged or compromised.

6. Explain Digital Signature?

In cryptography, a digital signature or digital signature scheme is a type of
asymmetric cryptography used to simulate the security properties of a signature in
digital, rather than written, form. Digital signature schemes normally give two
algorithms, one for signing which involves the user's secret or private key, and one for
verifying signatures which involves the user's public key. The output of the signature
process is called the "digital signature."

Digital signatures, like written signatures, are used to provide authentication of
the associated input, usually called a "message." Messages may be anything, from
electronic mail to a contract, or even a message sent in a more complicated
cryptographic protocol. Digital signatures are used to create public key infrastructure
(PKI) schemes in which a user's public key (whether for public-key encryption, digital
signatures, or any other purpose) is tied to a user by a digital identity certificate
issued by a certificate authority. PKI schemes attempt to unbreakably bind user
information (name, address, phone number, etc.) to a public key, so that public keys
can be used as a form of identification.

Digital signatures are often used to implement electronic signatures, a broader
term that refers to any electronic data that carries the intent of a signature[1], but not
all electronic signatures use digital signatures.[2][3][4][5] In some countries, including
the United States, and in the European Union, electronic signatures have legal
significance. However, laws concerning electronic signatures do not always make
clear their applicability towards cryptographic digital signatures, leaving their legal
importance somewhat unspecified.

• Benefits of digital signatures

These are common reasons for applying a digital signature to communications:

Authentication

Although messages may often include information about the entity sending a
message, that information may not be accurate. Digital signatures can be used to
authenticate the source of messages. When ownership of a digital signature secret
key is bound to a specific user, a valid signature shows that the message was sent by
that user. The importance of high confidence in sender authenticity is especially
obvious in a financial context. For example, suppose a bank's branch office sends
instructions to the central office requesting a change in the balance of an account. If
the central office is not convinced that such a message is truly sent from an
authorized source, acting on such a request could be a grave mistake.

Integrity

In many scenarios, the sender and receiver of a message may have a need for
confidence that the message has not been altered during transmission. Although
encryption hides the contents of a message, it may be possible to change an
encrypted message without understanding it. (Some encryption algorithms, known as
nonmalleable ones, prevent this, but others do not.) However, if a message is digitally
signed, any change in the message will invalidate the signature. Furthermore, there is
no efficient way to modify a message and its signature to produce a new message
with a valid signature, because this is still considered to be computationally infeasible
by most cryptographic hash functions (see collision resistance).

• Drawbacks of digital signatures:


Association of digital signatures and trusted time stamping

Digital signature algorithms and protocols do not inherently provide certainty
about the date and time at which the underlying document was signed. The signer
might, or might not, have included a time stamp with the signature, or the document
itself might have a date mentioned on it, but a later reader cannot be certain the
signer did not, for instance, backdate the date or time of the signature. Such misuse
can be made impracticable by using trusted time stamping in addition to digital
signatures.

Non-repudiation

In a cryptographic context, the word repudiation refers to any act of disclaiming
responsibility for a message. A message's recipient may insist the sender attach a
signature in order to make later repudiation more difficult, since the recipient can
show the signed message to a third party (e.g., a court) to reinforce a claim as to its
signatories and integrity. However, loss of control over a user's private key will mean
that all digital signatures using that key, and so ostensibly 'from' that user, are
suspect. Nonetheless, a user cannot repudiate a signed message without repudiating
their signature key. It is aggravated by the fact there is no trusted time stamp, so new
documents (after the key compromise) cannot be separated from old ones, further
complicating signature key invalidation. Certificate Authorities usually maintain a
public repository of public-key so the association user-key is certified and signatures
cannot be repudiated. Expired certificates are normally removed from the directory. It
is a matter for the security policy and the responsibility of the authority to keep old
certificates for a period of time if a non-repudiation of data service is provided.

Some digital signature algorithms

• Full Domain Hash, RSA-PSS etc., based on RSA
• DSA
• ECDSA
• ElGamal signature scheme
• Undeniable signature
• SHA (typically SHA-1) with RSA
• Rabin signature algorithm
• Pointcheval-Stern signature algorithm
• Schnorr signature

Aggregate signature - a digital signature that supports aggregation: Given n
signatures on n distinct messages from n distinct users, it is possible to aggregate all
these signatures into a single short signature. This single signature will convince the
verifier that the n users did indeed sign the n original messages.

7. Discuss in detail about Data Encryption Standard?

The Data Encryption Standard (DES) is a cipher (a method for encrypting
information) selected as an official Federal Information Processing Standard (FIPS) for
the United States in 1976 and which has subsequently enjoyed widespread use
internationally. The algorithm was initially controversial with classified design
elements, a relatively short key length, and suspicions about a National Security
Agency (NSA) backdoor. DES consequently came under intense academic scrutiny
which motivated the modern understanding of block ciphers and their cryptanalysis.

DES is now considered to be insecure for many applications. This is chiefly due to the
56-bit key size being too small; in January, 1999, distributed.net and the Electronic
Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15
minutes (see chronology). There are also some analytical results which demonstrate
theoretical weaknesses in the cipher, although they are infeasible to mount in
practice. The algorithm is believed to be practically secure in the form of Triple DES,
although there are theoretical attacks. In recent years, the cipher has been
superseded by the Advanced Encryption Standard (AES).

In some documentation, a distinction is made between DES as a standard and DES the
algorithm which is referred to as the DEA (the Data Encryption Algorithm). When
spoken, "DES" is either spelled out (IPA: /diː iː ɛs/) as an abbreviation or pronounced
as a single syllable (IPA: /dɛs/) acronym.

History of DES

The origins of DES go back to the early 1970s. In 1972, after concluding a study on
the US government's computer security needs, the US standards body NBS (National
Bureau of Standards) — now named NIST (National Institute of Standards and
Technology) — identified a need for a government-wide standard for encrypting
unclassified, sensitive information. Accordingly, on 15 May 1973, after consulting with
the NSA, NBS solicited proposals for a cipher that would meet rigorous design criteria.
None of the submissions, however, turned out to be suitable. A second request was
issued on 27 August 1974. This time, IBM submitted a candidate which was deemed
acceptable — a cipher developed during the period 1973–1974 based on an earlier
algorithm, Horst Feistel's Lucifer cipher. The team at IBM involved in cipher design
and analysis included Feistel, Walter Tuchman, Don Coppersmith, Alan Konheim, Carl
Meyer, Mike Matyas, Roy Adler, Edna Grossman, Bill Notz, Lynn Smith, and Bryant
Tuckerman.

NSA's involvement in the design


On March 17, 1975, the proposed DES was published in the Federal Register. Public
comments were requested, and in the following year two open workshops were held
to discuss the proposed standard. There was some criticism from various parties,
including from public-key cryptography pioneers Martin Hellman and Whitfield Diffie,
citing a shortened key length and the mysterious "S-boxes" as evidence of improper
interference from the NSA. The suspicion was that the algorithm had been covertly
weakened by the intelligence agency so that they — but no-one else — could easily
read encrypted messages. Alan Konheim (one of the designers of DES)
commented, "We sent the S-boxes off to Washington. They came back and were all
different."[1] The United States Senate Select Committee on Intelligence reviewed the
NSA's actions to determine whether there had been any improper involvement. In the
unclassified summary of their findings, published in 1978, the Committee wrote:

"In the development of DES, NSA convinced IBM that a reduced key size was
sufficient; indirectly assisted in the development of the S-box structures; and certified
that the final DES algorithm was, to the best of their knowledge, free from any
statistical or mathematical weakness."[2]

However, it also found that

"NSA did not tamper with the design of the algorithm in any way. IBM invented
and designed the algorithm, made all pertinent decisions regarding it, and concurred
that the agreed upon key size was more than adequate for all commercial applications
for which the DES was intended."[3]

Another member of the DES team, Walter Tuchman, is quoted as saying, "We
developed the DES algorithm entirely within IBM using IBMers. The NSA did not dictate
a single wire!"[4]

Some of the suspicions about hidden weaknesses in the S-boxes were allayed in
1990, with the independent discovery and open publication by Eli Biham and Adi
Shamir of differential cryptanalysis, a general method for breaking block ciphers. The
S-boxes of DES were much more resistant to the attack than if they had been chosen
at random, strongly suggesting that IBM knew about the technique back in the 1970s.
This was indeed the case — in 1994, Don Coppersmith published the original design
criteria for the S-boxes. According to Steven Levy, IBM Watson researchers discovered
differential cryptanalytic attacks in 1974 and were asked by the NSA to keep the
technique secret.[5] Coppersmith explains IBM's secrecy decision by saying, "that was
because [differential cryptanalysis] can be a very powerful tool, used against many
schemes, and there was concern that such information in the public domain could
adversely affect national security." Levy quotes Walter Tuchman: "[t]hey asked us to
stamp all our documents confidential... We actually put a number on each one and
locked them up in safes, because they were considered U.S. government classified.
They said do it. So I did it".[6] Shamir himself commented, "I would say that, contrary
to what some people believe, there is no evidence of tampering with the DES so that
the basic design was weakened."

The other criticism — that the key length was too short — was supported by the
fact that the reason given by the NSA for reducing the key length from 64 bits to 56
was that the other 8 bits could serve as parity bits, which seemed somewhat
specious. It was widely believed that NSA's decision was motivated by the
possibility that they would be able to brute force attack a 56 bit key several years
before the rest of the world would.
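
The 64-bit versus 56-bit distinction above, as an added example (not from the original material). A DES key is carried as 8 bytes; the low-order bit of each byte is set so the byte has odd parity, leaving 7 key bits per byte. The sample keys are constructed for the illustration and the function names are assumptions.

```python
# Added example: how a 64-bit DES key carries only 56 key bits.
# Each of the 8 bytes holds 7 key bits plus one low-order parity bit.


def has_odd_parity(byte: int) -> bool:
    return bin(byte).count("1") % 2 == 1


def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the low bit of every byte so each byte has odd parity."""
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits)")
    fixed = bytearray()
    for byte in key:
        top7 = byte & 0xFE
        fixed.append(top7 if has_odd_parity(top7) else top7 | 0x01)
    return bytes(fixed)


def parity_ok(key: bytes) -> bool:
    return len(key) == 8 and all(has_odd_parity(b) for b in key)


def effective_key(key: bytes) -> int:
    """Pack the 7 key bits of each byte into one 56-bit integer."""
    value = 0
    for byte in key:
        value = (value << 7) | (byte >> 1)
    return value


def equivalent_encodings(key: bytes) -> int:
    """Count the 64-bit strings that carry the same 56 key bits as `key`."""
    target = effective_key(key)
    count = 0
    for parity_bits in range(256):
        candidate = bytes((b & 0xFE) | ((parity_bits >> i) & 1)
                          for i, b in enumerate(key))
        count += effective_key(candidate) == target
    return count


def single_bit_errors_caught(key: bytes) -> int:
    """Flip each of the 64 bits in turn; count how many flips parity detects."""
    caught = 0
    for bit in range(64):
        damaged = bytearray(key)
        damaged[bit // 8] ^= 0x80 >> (bit % 8)
        caught += not parity_ok(bytes(damaged))
    return caught


SAMPLE_KEY = bytes.fromhex("0123456789abcdef")  # constructed sample, parity set
NO_PARITY = bytes.fromhex("0022446688aaccee")   # same key bits, parity bits cleared

if __name__ == "__main__":
    print("sample key has valid parity:", parity_ok(SAMPLE_KEY))
    print("parity restored:", set_odd_parity(NO_PARITY).hex())
    print("same effective key:", effective_key(SAMPLE_KEY) == effective_key(NO_PARITY))
    print("64-bit strings per effective key:", equivalent_encodings(SAMPLE_KEY))
    print("single-bit errors caught:", single_bit_errors_caught(SAMPLE_KEY), "of 64")
```

Parity helps detect a mistyped or corrupted key, and only when an odd number of bits in a byte is flipped; it adds nothing to the 2^56 keys an exhaustive search has to cover.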


The algorithm as a standard


Despite the criticisms, DES was approved as a federal standard in November 1976,
and published on 15 January 1977 as FIPS PUB 46, authorized for use on all
unclassified data. It was subsequently reaffirmed as the standard in 1983, 1988
(revised as FIPS-46-1), 1993 (FIPS-46-2), and again in 1999 (FIPS-46-3), the latter
prescribing "Triple DES" (see below). On 26 May 2002, DES was finally superseded by
AES, the Advanced Encryption Standard, following a public competition (see AES
process). On 19 May 2005, FIPS 46-3 was officially withdrawn, but NIST has approved
Triple DES through the year 2030 for sensitive government information.[7]

Another theoretical attack, linear cryptanalysis, was published in 1994, but it was a
brute force attack in 1998 that demonstrated that DES could be attacked very
practically, and highlighted the need for a replacement algorithm. These and other
methods of cryptanalysis are discussed in more detail later in the article.

The introduction of DES is considered to have been a catalyst for the academic study
of cryptography, particularly of methods to crack block ciphers. According to a NIST
retrospective about DES,

The DES can be said to have "jump started" the nonmilitary study and development
of encryption algorithms. In the 1970s there were very few cryptographers, except for
those in military or intelligence organizations, and little academic study of
cryptography. There are now many active academic cryptologists, mathematics
departments with strong programs in cryptography, and commercial information
security companies and consultants. A generation of cryptanalysts has cut its teeth
analyzing (that is trying to "crack") the DES algorithm. In the words of cryptographer
Bruce Schneier [9],[8] "DES did more to galvanize the field of cryptanalysis than
anything else. Now there was an algorithm to study." An astonishing share of the open
literature in cryptography in the 1970s and 1980s dealt with the DES, and the DES is
the standard against which every symmetric key algorithm since has been compared.
[9]

Chronology

Date                Event

15 May 1973         NBS publishes a first request for a standard encryption algorithm
27 August 1974      NBS publishes a second request for encryption algorithms
17 March 1975       DES is published in the Federal Register for comment
August 1976         First workshop on DES
September 1976      Second workshop, discussing mathematical foundation of DES
November 1976       DES is approved as a standard
15 January 1977     DES is published as a FIPS standard FIPS PUB 46
1983                DES is reaffirmed for the first time
1986                Videocipher II, a TV satellite scrambling system based upon DES
                    begins use by HBO
22 January 1988     DES is reaffirmed for the second time as FIPS 46-1, superseding
                    FIPS PUB 46
July 1990           Biham and Shamir rediscover differential cryptanalysis, and apply
                    it to a 15-round DES-like cryptosystem.
1992                Biham and Shamir report the first theoretical attack with less
                    complexity than brute force: differential cryptanalysis. However,
                    it requires an unrealistic 2^47 chosen plaintexts.
30 December 1993    DES is reaffirmed for the third time as FIPS 46-2
1994                The first experimental cryptanalysis of DES is performed using
                    linear cryptanalysis (Matsui, 1994).
June 1997           The DESCHALL Project breaks a message encrypted with DES for the
                    first time in public.
July 1998           The EFF's DES cracker (Deep Crack) breaks a DES key in 56 hours.
January 1999        Together, Deep Crack and distributed.net break a DES key in
                    22 hours and 15 minutes.
25 October 1999     DES is reaffirmed for the fourth time as FIPS 46-3, which specifies
                    the preferred use of Triple DES, with single DES permitted only in
                    legacy systems.
26 November 2001    The Advanced Encryption Standard is published in FIPS 197
26 May 2002         The AES standard becomes effective
26 July 2004        The withdrawal of FIPS 46-3 (and a couple of related standards) is
                    proposed in the Federal Register[10]
19 May 2005         NIST withdraws FIPS 46-3 (see Federal Register vol 70, number 96)
15 March 2007       The FPGA based parallel machine COPACOBANA of the University of
                    Bochum and Kiel, Germany, breaks DES in 6.4 days at $10,000
                    hardware cost

8. Write short notes on

a. Key Distribution techniques.
b. Digital Signature
c. Non-repudiation

(a) Key Distribution techniques.

The general key distribution problem refers to the task of distributing secret
keys between communicating parties to provide security properties such as secrecy
and authentication.

In sensor networks, key distribution is usually combined with initial communication
establishment to bootstrap a secure communication infrastructure from a collection of
deployed sensor nodes. In the setting we study in this chapter, nodes have been
pre-initialized with some secret information before deployment, but only after network
setup do we know the location of nodes. The node location often determines which
nodes need to establish cryptographic keys with which other nodes, so we cannot
set up these keys before deployment.

In this chapter, we refer to the combined problem of key distribution and secure
communications establishment as the security bootstrapping problem, or simply the
bootstrapping problem. A bootstrapping protocol must not only enable a newly
deployed sensor network to initiate a secure infrastructure, but it must also allow
nodes deployed at a later time to join the network securely. This is a challenging
problem due to the many limitations of sensor network hardware and software.

In this chapter, we discuss and evaluate several well-known methods of key
distribution. Besides these, we present an in-depth study of random key
pre-distribution, a method that has recently attracted significant research attention
and that we have also worked on.

(b) Digital Signature

A digital signature scheme typically consists of three algorithms:

• A key generation algorithm that selects a private key uniformly at random from
a set of possible private keys. The algorithm outputs the private key and a
corresponding public key.
• A signing algorithm which, given a message and a private key, produces a
signature.
• A signature verifying algorithm which given a message, public key and a
signature, either accepts or rejects.

Two main properties are required. First, a signature generated from a fixed message
and fixed private key should verify on that message and the corresponding public key.
Secondly, it should be computationally infeasible to generate a valid signature for a
party who does not possess the private key.
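
The three algorithms and the two required properties, written out as an added example (not part of the original material). It uses a Lamport one-time signature, chosen because it needs only a hash function from the standard library; it is not one of the schemes this material lists, and each key pair may sign one message only. The messages are constructed sample data.

```python
# Added example: key generation, signing and verifying with a Lamport
# one-time signature built on SHA-256.
import hashlib
import secrets

BITS = 256  # one pair of secrets per bit of the message digest


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def generate_keypair():
    """Key generation: private key drawn uniformly at random, public key derived."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [(H(zero), H(one)) for zero, one in private]
    return private, public


def message_bits(message: bytes):
    digest = int.from_bytes(H(message), "big")
    return [(digest >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def sign(private_key, message: bytes):
    """Signing: reveal, for each digest bit, the secret that matches that bit."""
    return [private_key[i][bit] for i, bit in enumerate(message_bits(message))]


def verify(public_key, message: bytes, signature) -> bool:
    """Verifying: every revealed secret must hash to the published value."""
    if len(signature) != BITS:
        return False
    bits = message_bits(message)
    return all(H(piece) == public_key[i][bit]
               for i, (bit, piece) in enumerate(zip(bits, signature)))


if __name__ == "__main__":
    # Constructed sample: the branch-office instruction from the text.
    private, public = generate_keypair()
    instruction = b"credit account 1001 by 500"
    signature = sign(private, instruction)

    print("original accepted:", verify(public, instruction, signature))
    print("altered accepted: ", verify(public, b"credit account 1001 by 5000", signature))

    _, other_public = generate_keypair()
    print("wrong key accepted:", verify(other_public, instruction, signature))
```

Signing a second message with the same private key reveals more of its secrets, which is why a Lamport key pair is discarded after one signature.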

Benefits of digital signatures

Below are some common reasons for applying a digital signature to communications:

Authentication

Although messages may often include information about the entity sending a
message, that information may not be accurate. Digital signatures can be used to
authenticate the source of messages. When ownership of a digital signature secret
key is bound to a specific user, a valid signature shows that the message was sent by
that user. The importance of high confidence in sender authenticity is especially
obvious in a financial context. For example, suppose a bank's branch office sends
instructions to the central office requesting a change in the balance of an account. If
the central office is not convinced that such a message is truly sent from an
authorized source, acting on such a request could be a grave mistake.

Integrity

In many scenarios, the sender and receiver of a message may have a need for
confidence that the message has not been altered during transmission. Although
encryption hides the contents of a message, it may be possible to change an
encrypted message without understanding it. (Some encryption algorithms, known as
nonmalleable ones, prevent this, but others do not.) However, if a message is digitally
signed, any change in the message will invalidate the signature. Furthermore, there is
no efficient way to modify a message and its signature to produce a new message
with a valid signature, because this is still considered to be computationally infeasible
by most cryptographic hash functions (see collision resistance).

Drawbacks of digital signatures.

Despite their usefulness, digital signatures alone do not solve the following problems:

Association of digital signatures and trusted time stamping

Digital signature algorithms and protocols do not inherently provide certainty about
the date and time at which the underlying document was signed. The signer might
have included a time stamp with the signature, or the document itself might have a
date mentioned on it. Regardless of the document's contents, a reader cannot be
certain the signer did not, for example, backdate the date or time of the signature.
Such misuse can be made impracticable by using trusted time stamping in addition to
digital signatures.

c. Non-repudiation

In a cryptographic context, the word repudiation refers to any act of disclaiming
responsibility for a message. A message's recipient may insist the sender attach a
signature in order to make later repudiation more difficult, since the recipient can
show the signed message to a third party (e.g., a court) to reinforce a claim as to its
signatories and integrity. However, loss of control over a user's private key will mean
that all digital signatures using that key, and so ostensibly 'from' that user, are
suspect. Nonetheless, a user cannot repudiate a signed message without repudiating
their signature key. This is aggravated by the fact there is no trusted time stamp, so
new documents (after the key compromise) cannot be separated from old ones,
further complicating signature key invalidation. Certificate authorities usually
maintain a public repository of public keys so the associated private key is certified
and signatures cannot be repudiated. Expired certificates are normally removed from
the repository. It is a matter for the security policy and the responsibility of the
authority to keep old certificates for a period of time if non-repudiation of data service
is provided.

UNIT – III
ELECTRONIC PAYMENT METHODS
PART – A
1. What is meant by Secure Electronic Transaction protocol?

Secure Electronic Transaction (SET) is a standard protocol for securing credit card
transactions over insecure networks, specifically, the Internet. SET is not itself a
payment system, but rather a set of security protocols and formats that enables users
to employ the existing credit card payment infrastructure on an open network in a
secure fashion.

2. What is micro payment?

Micro payments are means for transferring very small amounts of money, in
situations where collecting such small amounts of money with the usual payment
systems is impractical, or very expensive, in terms of the amount of money being
collected. "Micropayment" originally meant 1/1000th of a US dollar [1][2], meaning a
payment system that could efficiently handle payments at least as small as a mill, but
now is often defined to mean payments too small to be affordably processed by credit
card or other electronic transaction processing mechanism. The use of micropayments
may be called microcommerce.

3. What is the difference between a B2B and a B2C website?

B2B websites are intermediary portals to link customers to suppliers. Some of the
major ones are eBay, an auction site; Yell, an internet version of the yellow pages; and
ZDNet, a technology marketplace. All of these businesses exist primarily on the
internet. They are what is known as e-businesses (electronic businesses). All of them
can be classified under one general heading: marketplaces.

B2C concerns itself with selling to the end user. Typically these are sites like
Amazon, online book retailers, lastminute.com, a "good times" portal. These sites are
more interested in passing the goods to the end user. There is likely a slight
difference between them and your business: they are actually internet based. That is
to say, they exist primarily on the internet. Offices and warehousing are born of the
necessity of their internet success.

4. What are the features to be considered for Electronic Payment System Design?

• Managing Credit Risk
• Describe the infrastructure required to support Credit Card Processing
• Record keeping with credit cards is one of the features consumers value
most because of disputes and mistakes in billing
• Encryption and transaction speed must be balanced
• The complexity of credit card processing takes place in the verification
phase

5. What is supply chain network?

Due to the rapid advancement of technology such as pervasive or
ubiquitous wireless and internet networks, connective product marking technologies
like RFID and emerging standards for the use of these defining specific locations using
Global Location Number(s), the basic supply chain is rapidly evolving into what is
known as a Supply Chain Network.

6. What is Offline?

Traditional Methods: (Offline methods)

a. Barter (exchanging the product)
b. Coin
c. Rupees
d. Money Order
e. DD
f. Personal Check

7. What are Online Transactions?

Modern Methods: (Online methods)

1. Echeck
2. ECash
3. Credit and Debit Cards
4. Digital Wallet
5. Smart Cards

8. What is a Payment Processing (s/w) service provider?

a. ICVERIFY
b. Authorize.Net
c. Cybercash

9. What are Secure Online Transaction Models?

a. Secure Web Servers
b. Secure Server Purchasing
c. Secure Server Selling
d. Required Facilities
   i. Hardware
   ii. Software
   iii. Services
e. Electronic Malls

10. What are the Protocols for the public transport of private information (or)
Security Protocols?

a. S-HTTP (Secure Hypertext Transfer Protocol)
b. SSL (Secure Sockets Layer)
c. SET (Secure Electronic Transaction)

11. Credit Card Business Basics:

Before discussing SET, a few credit card processing definitions are in order.
These terms are used throughout the SET document.

Cardholder: The consumer, the customer, you!
Issuer: The bank that issued you a credit card.
Merchant: The party from whom you are buying goods and services.
Acquirer: The financial institution/bank that establishes an account with the
merchant and processes payment authorizations and transactions for the merchant.
Payment Gateway: A device operated by an acquirer (financial
institution) that processes the merchant payment messages.
Brand: Visa, MasterCard, Discover, etc.

It is also important to point out that MasterCard and Visa are associations with
banks comprising the membership.

13. Definition: Digital Wallet

Electronic wallet (E-wallet) is a software component in which a user stores credit
card numbers and other personal information. When shopping online, the user simply
clicks the e-wallet to automatically fill in the information needed to make a purchase
(Turban, 2004:499).

14. Definition: SHTTP

Secure hypertext transfer protocol - developed by Enterprise Integration
Technologies to ensure security with commercial transactions on the Internet.

PART – B

1. What is supply chain network?

Due to the rapid advancement of technology such as pervasive or
ubiquitous wireless and internet networks, connective product marking technologies
like RFID and emerging standards for the use of these defining specific locations using
Global Location Number(s), the basic supply chain is rapidly evolving into what is
known as a Supply Chain Network.

a. Offline and Online Transactions

1. Traditional Methods: (Offline methods)

1. Barter (exchanging the product)
2. Coin
3. Rupees
4. Money Order
5. DD
6. Personal Check

b. Modern Methods: (Online methods)

1. Echeck
2. ECash
3. Credit and Debit Cards
4. Digital Wallet
5. Smart Cards

c. Payment Processing (s/w) service provider

1. ICVERIFY
2. Authorize.Net
3. Cybercash

d. Secure Online Transaction Models:

1. Secure Web Servers
2. Secure Server Purchasing
3. Secure Server Selling
4. Required Facilities
   1. Hardware
   2. Software
   3. Services
5. Electronic Malls

e. Protocols for the public transport of private information (or) Security
Protocols:

1. S-HTTP (Secure Hypertext Transfer Protocol)
2. SSL (Secure Sockets Layer)
3. SET (Secure Electronic Transaction)

2. In general, how does the system work (between client, merchant & service
provider)?

a. A consumer visits a merchant Webpage and makes a purchase by entering the
required information.
b. The payment client software is then loaded, and a signed message is sent to the
payment handler to initiate payment.
c. The payment handler verifies the signature and begins a signed payment so the
consumer's client software knows it is communicating with a genuine payment
handler.
d. After the payment is completed, a signed receipt is issued to the consumer and
the merchant.
e. The merchant uses this receipt or payment acknowledgement to begin the
process of shipping the goods.
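
The five steps above, as an added example that is not part of the original material. HMAC-SHA256 tags under keys each party shares with the payment handler stand in for the digital signatures described (an assumption, so the sketch runs on the standard library alone); every name, key and order value is constructed.

```python
import hashlib
import hmac
import json

# Constructed demo keys: each party shares one secret with the payment handler.
KEYS = {"consumer-42": b"consumer-demo-key", "merchant-7": b"merchant-demo-key"}


def canonical(body: dict) -> bytes:
    """Serialize deterministically so both sides authenticate the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(key: bytes, body: dict) -> dict:
    """Attach an authentication tag (stand-in for a signature) to a message."""
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def check(key: bytes, msg: dict) -> bool:
    """Recompute the tag over the received body and compare in constant time."""
    expected = hmac.new(key, canonical(msg["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg.get("tag", ""))


class PaymentHandler:
    def __init__(self, keys):
        self.keys = keys
        self.paid_orders = set()

    def pay(self, request: dict):
        """Verify the consumer's request, then issue a receipt to both parties."""
        body = request["body"]
        payer_key = self.keys.get(body.get("payer"))
        merchant_key = self.keys.get(body.get("merchant"))
        if payer_key is None or merchant_key is None:
            return None                      # unknown party
        if not check(payer_key, request):
            return None                      # altered or forged request
        if body["order"] in self.paid_orders:
            return None                      # never charge the same order twice
        self.paid_orders.add(body["order"])
        receipt = {"type": "receipt", "order": body["order"],
                   "amount": body["amount"], "payer": body["payer"],
                   "merchant": body["merchant"]}
        return {"consumer": seal(payer_key, receipt),
                "merchant": seal(merchant_key, receipt)}


class Merchant:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key
        self.open_orders = {}                # order id -> amount due (cents)
        self.shipped = set()

    def ship_if_paid(self, receipt: dict) -> bool:
        """Ship only on a genuine, unused receipt that matches an open order."""
        if not check(self.key, receipt):
            return False
        body = receipt["body"]
        if body.get("merchant") != self.name:
            return False
        if self.open_orders.get(body.get("order")) != body.get("amount"):
            return False
        if body["order"] in self.shipped:
            return False                     # replayed receipt
        self.shipped.add(body["order"])
        return True


def run_demo() -> dict:
    handler = PaymentHandler(KEYS)
    merchant = Merchant("merchant-7", KEYS["merchant-7"])
    merchant.open_orders["ORD-1001"] = 2599  # purchase placed on the web page
    order = {"type": "pay", "order": "ORD-1001", "amount": 2599,
             "payer": "consumer-42", "merchant": "merchant-7"}
    request = seal(KEYS["consumer-42"], order)   # payment client's message
    # Same tag, different amount: the handler must refuse it.
    forged = {"body": dict(order, amount=1), "tag": request["tag"]}
    results = {"forged_request_paid": handler.pay(forged) is not None}
    receipts = handler.pay(request)
    results["consumer_receipt_ok"] = check(KEYS["consumer-42"], receipts["consumer"])
    altered = {"body": dict(receipts["merchant"]["body"], order="ORD-9999"),
               "tag": receipts["merchant"]["tag"]}
    results["altered_receipt_ships"] = merchant.ship_if_paid(altered)
    results["shipped"] = merchant.ship_if_paid(receipts["merchant"])
    results["replay_ships"] = merchant.ship_if_paid(receipts["merchant"])
    return results


if __name__ == "__main__":
    print(run_demo())
```

Because a MAC key is shared by both ends, these tags authenticate the messages but give neither side proof it can show to a third party; the digital signatures the text describes would.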

Definition: SHTTP:

Secure hypertext transfer protocol - developed by Enterprise Integration
Technologies to ensure security with commercial transactions on the Internet.

Cards:

• Credit Card - Postpaid
• Debit Card - Prepaid

Credit Cards

Credit Card is a card which allows a person to purchase goods and services on
borrowed money. It helps to purchase something without having to pay for it
immediately, instead the company or organization, issuing the credit card, makes the
payment on behalf of the customer but the customer is liable to pay the same to the
issuer of the card within a definite period of time which may vary depending upon the
credit card type and the issuing company. Thus, Credit Cards give financial flexibility
to the consumers.
In the year 1956 California's Bank of America first introduced credit cards to the
general public. Some of the big vendors of credit cards are VISA, MasterCard and many
more.

In order to avail of a credit card, a consumer is required to open an account with
the bank or company which is sponsoring the card. After this the company/bank
sends him a credit card with a limit denominated in monetary units. The
customer is entitled to buy goods and services up to the specified credit card limit.
The service provider sends a monthly bill to the customer specifying the details of his
purchases. The customer in turn has to make the payment within a specified time
period. If the customer doesn't pay full or part of the amount within the time limit then he
has to pay monthly interest on the outstanding payment amount.

Generally, the interest rate charged by the credit card companies on the
outstanding payable amount is higher than that of most of the popular loans. But
customers are exempted from paying interest when they pay the full outstanding
payable amount to the card issuer within a month.

The rate of interest on credit cards varies from card to card. The rate generally
increases with an increase in a customer's outstanding payable amount.

Severe competition has led the credit card issuing companies to offer a variety of
incentives to consumers, ranging from cash back to special incentives for frequent
users to gift certificates.

There are many credit cards which offer credit at low or nil interest rates. But
in such cases the period of low interest rates is fixed (usually from 6 months to
1 year), after which the rate rises considerably.

Hence, Credit Cards have become a part and parcel of the modern life which
gives financial flexibility to the consumers.

3. What is Third Party Credit Card Processor?

Internet merchant accounts can be harder to obtain. This is because of
increased security risks as no signatures are involved, nor is a card physically
presented at the point of sale. Another option may be to use a third party processor,
which is basically a payment gateway and merchant account rolled into one. A third
party credit card processor is a company that accepts credit card orders on behalf of
other online businesses.

If you are a new business with an untested product range, consider using a third
party credit card processor while you test the waters, which will incorporate a
payment gateway with a merchant account.
Many of these services will also incorporate a shopping cart application as part
of the deal (see links at the end of this article). These services may appear to cost
more, but they can save you from expensive long term contracts and initial outlay on
shopping cart applications.

If you intend using a third party credit card processor that combines gateway
services with a merchant account, added to the points already mentioned, ensure you
also check on monthly gateway fees, AVS costs, and any other added fraud protection
you wish to implement.

Rushed decisions in choosing your ecommerce applications, elements and third
party services will dramatically increase the likelihood of your business failure. This is
definitely an area where if you spend the time fully investigating all the options open
to you - you'll reap the rewards after implementation.

It is worthwhile considering contracting the services of an ecommerce
consultant to assist you in making these crucial decisions. The fees you pay to a
consultant will be returned in increased profits - and less stress.

Top rated third party credit card processor is 2checkout

Low costs

• $49 one time signup fee
• $0.45 per Sale
• 5.5% of Sale Amount
• 30 Day money back guarantee
• No application fees
• No monthly fees
• No statement fees
• No leases
• No SSL certificate to buy
• No fees for ACH deposits to U.S. or participating Canadian bank accounts
• Check Payment or Low Cost Wire to Non U.S. Bank Accounts
• FREE shopping cart
• FREE code for your web site
• FREE on-line tech support

Why 2checkout

• No waiting weeks (Getting started immediately)
• No term contracts
• No equipment or software needed
• Easy to use plug-n-play code
• Simple commission fee structure
• International suppliers accepted
• List products & services just about anything
• Supports recurring billing
• Works with existing shopping carts
• Automatic purchase order notification
• State of the Art fraud detection
• Great for simple or complex needs
• Comprehensive account management tools
• Robust shipping options

Third Party Credit Card Processors

Can't afford a merchant account right now?
Check out these 3rd party credit card processing companies.

Instead of paying transaction fees, monthly statement fees, etc., they take a
percentage of your product's cost (usually 3% to 15%). 3rd party processing is a great
option for non-US businesses, where obtaining a merchant account is much too
expensive or hard to get.

BEWARE: This type of solution is good for businesses just starting out that don't have
the money to purchase a merchant account right off the bat, but you will pay more in
the long run.

It is recommended that once you do have the funds to support a merchant
account that you purchase one. It is unwise to set up a merchant account/gateway if
you anticipate gross revenues under $650 per month.

Beyond $650 in revenues per month, a merchant account/gateway option
begins to become cost effective compared to the alternatives. CCNow, ClickBank and
DigiBuy are suitable only for products that have a fairly high mark-up that can absorb
the substantial purchase costs of 8% to 14%. But this analysis only examines direct
purchase costs.

The hidden costs are in time and ease-of-use. Observe that:

• Several of the service bureaus don't remit receipts immediately to the merchant.
There is a delay of several weeks.
• None of the service bureau solutions nor PayPal allow the merchant access to
the customer's credit card number.
• PayPal's shopping cart is pretty rudimentary, figuring shipping only crudely and taxes
not at all.
• DigiBuy provides a sophisticated digital download and registration system, but
takes about 14% -- a significant chunk of the total sales price.
• CCNow's shopping cart is better than PayPal's, but their shipping calculation is
crude. Since they are a Delaware corporation, state sales tax need not be calculated.
• ClickBank has no shopping cart at all. An affiliate program is included in
ClickBank, possible with DigiBuy and CCNow, and totally frustrated by PayPal.

Other third party credit card processors:

PayPal

PayPal is flexible enough to serve as a complete billing solution. It provides a
variety of E-commerce solutions that can be integrated into your Web site in a few
easy steps.

For example, a simple “purchase button” can be placed on your Web site. Once
a visitor decides to make a purchase, all they have to do is click on the button and
submit their information. That button sends the request to PayPal's back end where it
processes the entire transaction for you. And if your business sells multiple products
and services, PayPal can even provide you with a shopping cart solution free of
charge.

ClickBank

To use ClickBank you must:

• Agree to sell us access to your digital product.
• Place a "Buy It At ClickBank" button on your web site.
• Offer detailed technical support pages for your product at your web site.

You can set the suggested retail price for your product. Each time we sell your
product, we pay you (and the affiliate, if any) that retail price less $1 + 7.5%.
ClickBank has a one-time $49.95 activation fee, and no monthly fees.

Basic Requirements

ClickBank only lists specific types of products. All products must be:

• Deliverable entirely over the internet via web pages, downloadable files, or
email.
• Deliverable to every customer within 24 hours of purchase.
• Backed by a valid customer support email address, to which paying customers
and ClickBank staff can send inquiries and receive a human (non-automated) reply by
the end of the following business day.
• Backed by appropriate technical support pages, written in English, and hosted at your
own web site.
• Fully compliant with US law, including FTC Advertising Rules and Disclosure
Rules.

DigiBuy

DigiBuy is an electronic commerce solution for publishers of software,
shareware, electronic art, information, and data.

Using DigiBuy's turnkey service, you can quickly and inexpensively build a
secure storefront to merchandise your products, take orders online, process
payments, and distribute digital products over the Internet.

Take a look at DigiBuy's features. We also offer a service for college students
and faculty looking to start their own digital business.

DigiBuy University is free to students and faculty.

iBill

Don't Have An Internet Merchant Account?

iBill Complete: As your merchant, iBill handles all banking, risk management,
affiliate management and customer service issues for clients selling products and
services on the Internet.

In addition, iBill Complete offers the most comprehensive payment options on
the web, including credit cards, online checks, and telephone billing.

Already Have or Want an Internet Merchant Account?

iBill Processing Plus: Serves the needs of merchants who manage their business with
an individual Internet merchant account handling their own customer service.

iBill provides transaction processing, fraud control, business reporting tools,
subscription capability, shopping cart functionality, and affiliate management.

CCNow

Are you an independent business with great products to sell? Let CCNow assist
you in selling online so that you have the time to manage the rest of your business.
CCNow is the perfect low cost solution to selling your products online. Learn how
CCNow helps businesses find customers online.

4. What is E-Cash?

E-Cash represents several different types of products. This section explores the
different types of e-cash products and how each functions. The pros and cons of
e-cash versus competing products are also examined.

While many different companies are rushing to offer digital money products,
currently e-cash is represented by two models. One is the on-line form of
e-cash (introduced by DigiCash) which allows for the completion of all types of internet
transactions. The other form is off-line; essentially a digitally encoded card that could
be used for many of the same transactions as cash. This off-line version (which also
has on-line capabilities) is being tested by Mondex in partnership with various banks.

The primary function of e-cash is to facilitate transactions on the Internet. Many
of these transactions may be small in size and would not be cost efficient through
other payment mediums such as credit cards. Thus, WWW sites in the future may
charge $0.10 a visit, or $0.25 to download a graphics file. These types of payments,
turning the Internet into a transaction oriented forum, require mediums that are easy,
cheap (from a merchant's perspective), private (see Privacy), and secure (see
Security). Electronic Cash is the natural solution, and the companies that are
pioneering these services claim that the products will meet the stated criteria. By
providing this type of payment mechanism, the incentives to provide worthwhile
services and products via the Internet should increase. Another prospective
beneficiary from these developments would be Shareware providers, since currently
they rarely receive payments. To complete the digital money revolution an offline
product is also required for the pocket money/change that most people must carry for
small transactions (e.g. buying a newspaper, buying a cup of coffee, etc...).

The concept of electronic money is at least a decade old. [Hewitt 1994]
demonstrates that check writing is a precursor to E-cash. When one person writes a
check on his bank account and gives the check to another person with an account at a
different bank, the banks do not transfer currency. The banks use electronic fund
transfer. Electronic money removes the middleman. Instead of requesting the banks
to transfer the funds through the mechanism of a check, the E-cash user simply
transfers the money from his bank account to the account of the receiver.

The reality of E-cash is only slightly more complicated, and these complications
make the transactions both secure and private. The user downloads electronic money
from his bank account using special software and stores the E-cash on his local hard
drive. To pay a WWW merchant electronically, the E-cash user goes through the
software to pay the desired amount from the E-cash "wallet" to the merchant's local
hard drive ("wallet") after passing the transaction through an E-cash bank for
authenticity verification. The merchant can then pay its bills/payroll with this E-cash or
upload it to the merchant's hard currency bank account. The E-cash company makes
money on each transaction from the merchant (this fee is very small, however) and
from royalties paid by banks which provide customers with E-cash software/hardware
for a small monthly fee. Transactions between individuals would not be subject to a
fee.

E-cash truly globalizes the economy, since the user can download money into
his cyber-wallet in any currency desired. A merchant can accept any currency and
convert it to local currency when the cybercash is uploaded to the bank account.

To the extent a user wants E-cash off-line, all that is necessary is smart card
technology. The money is loaded onto the smartcard, and special electronic wallets
are used to offload the money onto other smartcards or directly to an on-line system.
Smartcards have been used successfully in other countries for such transactions as
phone calls for a number of years. The money could also be removed from a
smartcard and returned to a bank account. Visa is developing a related product, the
stored value card. This card comes in a variety of denominations, but functions more
like a debit card than E-cash.

In essence, E-cash combines the benefits of other transaction mediums. Thus, it
is similar to debit/credit cards, but E-cash allows individuals to conduct transactions
with each other. It is similar to personal checks, but it is feasible for very small
transactions. While it appears superior to other forms, E-cash will not completely
replace paper currency. Use of E-cash will require special hardware, and while most
people will have access, not all will. However, E-cash presents special challenges for
the existing "middlemen" of the current paper currency society. More and more,
banks and other financial intermediaries will serve simply as storehouses for money,
lenders, and processing/verifying electronic transactions. Personal interaction with a
teller, or even visits to a bank ATM will become obsolete. All one will have to do is turn
on his computer.

b. E-Cash Security

Security is of extreme importance when dealing with monetary transactions.
Faith in the security of the medium of exchange, whether paper or digital, is essential
for the economy to function.

There are several aspects to security when dealing with E-cash. The first issue is
the security of the transaction. How does one know that the E-cash is valid?
Encryption and special serial numbers are supposed to allow the issuing bank to verify
(quickly) the authenticity of E-cash. These methods are susceptible to hackers, just as
paper currency can be counterfeited. However, promoters of E-cash point out that the
encryption methods used for electronic money are the same as those used to protect
nuclear weapon systems. The encryption security also has to extend to the smartcard
chips to ensure that they are tamper resistant. While it is feasible that a system-wide
breach could occur, it is highly unlikely. Just as the Federal Government keeps a step
ahead of the counterfeiters, cryptography stays a step ahead of hackers.

Physical security of the E-cash is also a concern. If a hard drive crashes, or a
smartcard is lost, the E-cash is lost. It is just as if one lost a wallet filled with
paper currency. The industry is still developing rules/mechanisms for dealing with such losses,
but for the most part, E-cash is being treated as paper cash in terms of physical
security. Companies are making some exceptions when it comes to a
software/hardware failure, but these are supposed to be rare. To help customers get
used to this concept, most companies are limiting E-cash wallets to $500, reflecting
the primary use of E-cash for low value transactions. There is a benefit to E-cash in
the area of theft, however. A mugger or pickpocket would not be able to make use of
another's smartcard without the appropriate password. Merchants should also lose
less cash to employee theft, since the electronic cash will be inaccessible (or, at a
minimum, traceable).

The ultimate area of security is faith in the currency. This, however, would still
be the responsibility of the Federal Government on a systemic basis. Essentially, the
E-cash is merely a representation of hard currency on deposit at banks. Thus, faith in
the system should not falter.

c. E-Cash Privacy

Transactions involving paper currency are difficult to trace. If digital money is to
replace paper currency, it must retain certain aspects of this quality.

As information technologies expand, privacy becomes of greater concern.
People are realizing that with every credit card transaction, corporate databases are
becoming larger and larger. By using paper currency, people are able to exclude
themselves from these databases. Therefore, for e-cash to be effective, it must
maintain this privacy function.

DigiCash claims it has developed a system that provides privacy for the user
without sacrificing security for the receiver. If a system is completely private, the
merchant has no way of verifying the validity of the electronic money. The user would
also be unable to have a receipt for the transaction. However, DigiCash utilizes a
one-sided signature. Basically, the user keeps record of payments made, but the merchant
only receives enough information to allow his bank to verify the authenticity of the
E-cash.

This signature process is also supposed to deter the criminal element of cash
transactions. Since a record of the transaction is created and kept (by the payee),
extortion, bribes, or other illegal transactions should occur less frequently.
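
The serial-number check from the E-Cash Security passage and the privacy property from the E-Cash Privacy passage, as an added example that is not DigiCash's code or part of the original material. It assumes the "one-sided signature" is an RSA blind signature of the kind published by David Chaum; the toy bank key, account names and balances are constructed.

```python
import hashlib
import math
import secrets

# Toy RSA key for the bank, built from two known Mersenne primes (constructed
# for this example; far too small and too structured for real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # bank's private exponent


def coin_digest(serial: bytes) -> int:
    """Map a coin's serial number to the integer the bank's signature covers."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Bank:
    def __init__(self):
        self.accounts = {"alice": 5, "shop": 0}   # balances in one-unit coins
        self.spent = set()                         # serials already deposited
        self.seen_at_withdrawal = []               # all the bank saw when signing

    def withdraw(self, account: str, blinded: int) -> int:
        """Debit one unit and sign the blinded value without seeing the serial."""
        if self.accounts.get(account, 0) < 1:
            raise ValueError("insufficient funds")
        self.accounts[account] -= 1
        self.seen_at_withdrawal.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, account: str, serial: bytes, signature: int) -> bool:
        """Credit a coin once: valid bank signature and a serial not yet spent."""
        if pow(signature, E, N) != coin_digest(serial):
            return False               # not signed by this bank
        if serial in self.spent:
            return False               # double spend
        self.spent.add(serial)
        self.accounts[account] += 1
        return True


def withdraw_coin(bank: Bank, account: str):
    """User side: choose a serial, blind it, get it signed, then unblind."""
    serial = secrets.token_bytes(16)
    while True:
        r = secrets.randbelow(N - 2) + 2          # blinding factor
        if math.gcd(r, N) == 1:
            break
    blinded = (coin_digest(serial) * pow(r, E, N)) % N
    blind_sig = bank.withdraw(account, blinded)
    # (m * r^E)^D = m^D * r, so dividing by r leaves the bank's signature on m.
    signature = (blind_sig * pow(r, -1, N)) % N
    return serial, signature


def run_demo() -> dict:
    bank = Bank()
    serial, sig = withdraw_coin(bank, "alice")
    return {
        # The bank cannot link the coin to the withdrawal it signed.
        "bank_saw_digest": coin_digest(serial) in bank.seen_at_withdrawal,
        "first_deposit": bank.deposit("shop", serial, sig),
        "second_deposit": bank.deposit("shop", serial, sig),
        "forged_coin": bank.deposit("shop", b"made-up-serial", sig),
        "balances": dict(bank.accounts),
    }


if __name__ == "__main__":
    print(run_demo())
```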

E-Cash Regulation

A new medium of exchange presents new challenges to existing
laws. Largely, the laws and systems used to regulate paper currency are
insufficient to govern digital money.

The legal challenges of E-cash entail concerns over taxes and currency issuers.
In addition, consumer liability from bank cards will also have to be addressed
(currently $50 for credit cards). E-cash removes the intermediary from currency
transactions, but this also removes much of the regulation of the currency in the
current system.

Tax questions immediately arise as to how to prevent tax evasion at the income
or consumption level. If cash-like transactions become easier and less costly,
monitoring this potential underground economy may be extremely difficult, if not
impossible, for the IRS.
The more daunting legal problem is controlling a potential explosion of private
currencies. Large institutions that are handling many transactions may issue
electronic money in their own currency. The currency would not be backed by the full
faith of the United States, but by the full faith of the institution. This is not a problem
with paper currency, but until the legal system catches up with the digital world, it
may present a problem with cybercash.

5. Explain Digital Wallet?

Definition

Electronic wallet (E-wallet) is a software component in which a user stores credit
card numbers and other personal information. When shopping online, the user simply
clicks the e-wallet to automatically fill in the information needed to make a purchase
(Turban, 2004:499).

E-wallet is basically another online payment scheme that functions as a carrier
of e-cash, in the same way that a wallet is used to carry real cash for doing a physical
transaction in an actual shop. The purpose is to offer a secure and easy means of
online payment (Awad, 2003:492).

Four steps of using E-wallet

a. Decide on an online shop website.

b. Download the wallet form from the website and fill out the personal information
such as credit card number, phone number, and address. By filling out the details once,
personal information will be completed automatically when customers click the
E-wallet when purchasing in the future.

c. Fill out the personal information as to where customers want merchandise to be
shipped.

d. When customers are ready to buy, one way is to click the E-wallet button to
execute the process; or drag information out of the wallet and drop it into the online
form.

Cooperating companies

The Electronic Commerce Modeling Language (ECML) is an organizational
attempt to set standards for e-wallet vendors in the industry. It provides guidelines for
Web merchandise in exchanging data for shipping, billing, and payment between
users and merchants. Supporting companies include: American Express, America
Online, Brodia, Compaq Computer, CyberCash, Discover, IBM, MasterCard
International, Microsoft, Novell, Sun Microsystems and Visa International (Casselman,
2000).

Other on-line merchants who use e-wallet mode and support ECML include
1800-Batteries, Beyond.com, Dell Computer, Fashion.com, Healthshop.com,
Nordstrom, Omaha Steaks, and Reel.com (Casselman, 2000).

Advantages and disadvantages

Jupiter Communications reports that 27% of online buyers abandon orders before
checking out because of the hassle of filling out forms (Graphic Arts Monthly, 1999).
E-wallet shortens and simplifies the process of repeatedly filling out detailed
information, in a safe environment. Customers not only save time but also have
control of personal data by being able to drag the proper card from the E-wallet
pop-up screen (Quinton, 1999:32).

However, the drawback is that users must download the wallet form and
software; after the download is complete, the wallet is installed as a plug-in or ActiveX
control within a browser, which must also be installed (Kerstetter,
1998:10).

E-wallet in the future

Due to the popularity of the mobile phone, mobile phone bill payments will
predictably increase in the future. In Scandinavian countries such as Finland and
Sweden, it is estimated that over 60% of the population has mobile phones and already
has wireless mobile devices to pay for everyday purchases (Rayport and Jaworski,
2002:567).

EWallet Definition

eWallet is a system that stores a customer's data for easy retrieval for online
purchases. Since completing forms as part of an e-tail transaction can be a reason for
aborting a transaction, an eWallet service can reduce this inconvenience for the
consumer.

6. Explain Digital Currencies and Payment Systems? (also known as
electronic cash, electronic currency, digital money, digital cash or digital
currency)

Electronic money (also known as electronic cash, electronic currency,
digital money, digital cash or digital currency) refers to money or scrip which is
exchanged only electronically. Typically, this involves use of computer networks, the
internet and digital stored value systems. Electronic Funds Transfer (EFT) and direct
deposit are examples of electronic money. Also, it is a collective term for financial
cryptography and technologies enabling it.

While electronic money has been an interesting problem for cryptography (see
for example the work of David Chaum and Markus Jakobsson), to date, use of digital
cash has been relatively low-scale. One rare success has been Hong Kong's Octopus
card system, which started as a transit payment system and has grown into a widely
used electronic cash system. Another success is Canada's Interac network, which in
2000 at retail (in Canada) surpassed cash [1] as a payment method. Singapore also
has an electronic money implementation for its public transportation system
(commuter trains, bus, etc), which is very similar to Hong Kong's Octopus card and
based on the same type of card (FeliCa).

Alternative systems

Technically electronic or digital money is a representation, or a system of debits
and credits, used (but not limited to this) to exchange value, within another system,
or itself as a stand alone system, online or offline. Also sometimes the term electronic
money is used to refer to the provider itself. A private currency may use gold to
provide extra security, such as digital gold currency. An e-currency system may be
fully backed by gold (like e-gold and c-gold), non-gold backed (like eeeCurrency), or
both gold and non-gold backed (like e-Bullion and Liberty Reserve).

Many systems will sell their electronic currency directly to the end user, such as
Paypal and WebMoney, but other systems, such as e-gold, sell only through third
party digital currency exchangers.

In the case of Octopus Card in Hong Kong, deposits work similarly to banks'.
After Octopus Card Limited receives money for deposit from users, the money is
deposited into banks, which is similar to debit-card-issuing banks redepositing money
at central banks.

Some community currencies, like some LETS systems, work with electronic
transactions. Cyclos Software allows creation of electronic community currencies.

Ripple monetary system is a project to develop a distributed system of
electronic money independent of local currency.

Virtual debit cards

Various companies now sell VISA, Mastercard or Maestro debit cards, which can
be recharged via electronic money systems. This system has the advantage of greater
privacy if a card provider is located offshore, and greater security since the client can
never be debited more than the value on the prepaid card. Such debit cards are also
useful for people who do not have a bank account. Generally cards can be recharged
with either e-gold, e-Bullion, WebMoney, or via a wire transfer.

Advantages

Most money in today’s world is electronic, and tangible cash is becoming less
frequent. With the introduction of internet / online banking, debit cards, online bill
payments and internet business, paper money is becoming a thing of the past.

Banks now offer many services whereby a customer can transfer funds,
purchase stocks, contribute to their retirement plans (such as Canadian RRSP) and
offer a variety of other services without having to handle physical cash or cheques.
Customers do not have to wait in lines; this provides a lower-hassle environment.

Debit cards and online bill payments allow immediate transfer of funds from an
individual's personal account to a business's account without any actual paper
transfer of money. This offers a great convenience to many people and businesses
alike.

Disadvantages

Although there are many benefits to digital cash, there are also many
significant disadvantages. These include fraud, failure of technology, possible tracking
of individuals and loss of human interaction.

Fraud over digital cash has been a pressing issue in recent years. Hacking into
bank accounts and illegal retrieval of banking records has led to a widespread
invasion of privacy and has promoted identity theft.

There is also a pressing issue regarding the technology involved in digital cash.
Power failures, loss of records and undependable software often cause a major
setback in promoting the technology.

Privacy questions have also been raised; there is a fear that the use of debit
cards and the like will lead to the creation by the banking industry of a global
tracking system. Some people are working on anonymous ecash to try to address this
issue. The issue of providing anonymity to users itself introduces more problems,
however; there is the distinct possibility that a fully anonymous digital cash system
could permit the "perfect crime" - i.e., where a criminal uses someone else's
electronic cash to make a payment, but cannot be traced - to occur. For this reason,
'revocable anonymity' is a suggested solution: a user is fully anonymous until they
commit some crime, at which point authorisation is given for their identity to be
revealed. However, critics of this policy point out that the anonymous users will
never be caught and brought to trial (thus their identity will never be revealed)
without tracing.

Future evolution

The main focuses of digital cash development are 1) being able to use it through
a wider range of hardware such as secured credit cards; and 2) linked bank accounts
that would generally be used over an internet means, for exchange with a secure
micropayment system such as in large corporations (PayPal).

Furthering network evolution in terms of the use of digital cash, a company
named DigiCash is at the focus of creating an e-cash system that would allow issuers
to sell electronic coins at some value. When they are purchased they come under
someone’s own name and are stored on his computer or under his online identity. At
all times, the e-cash is linked to the e-cash company and all transactions go through
it, so the e-cash company secures anything that is purchased. Only the company
knows your information and will properly direct purchases to your location.

Theoretical developments in the area of decentralized money are underway that
may rival traditional, centralized money. Systems of accounting such as Altruistic
Economics are emerging that are entirely electronic, and can be more efficient and
more realistic because they do not assume a zero-sum transaction model.

6. Explain Secure Electronic Transaction (SET) ?

Secure Electronic Transaction (SET) is a standard protocol for securing credit
card transactions over insecure networks, specifically, the Internet. SET is not itself a
payment system, but rather a set of security protocols and formats that enables users
to employ the existing credit card payment infrastructure on an open network in a
secure fashion.

SET was developed by VISA and MasterCard (involving other companies such as
GTE, IBM, Microsoft, Netscape, RSA and VeriSign) starting in 1996.

SET is based on X.509 certificates with several extensions. SET uses a blinding
algorithm that, in effect, lets merchants substitute a certificate for a user's credit-card
number. This allows traders to credit funds from clients' credit cards without the need
of the credit card numbers.

SET makes use of cryptographic techniques such as digital certificates and
public key cryptography to allow parties to identify themselves to each other and
exchange information securely.

SET was heavily publicized in the late 1990s as the credit card approved
standard, but failed to win market share. Reasons for this include:

• Network effect - need to install client software (an e-wallet).
• Cost and complexity for merchants to offer support, and comparatively low cost
and simplicity of the existing, adequate SSL based alternative.
• Client-side certificate distribution logistics.

SET was said to become the de facto standard of payment method on the
Internet between the merchants, the buyers, and the credit-card companies. When
SET is used, the merchant itself never has to know the credit-card numbers being sent
from the buyer, which provides a benefit for e-commerce.

The SET Protocol

People today pay for online purchases by sending their credit card details to the
merchant. A protocol such as SSL or TLS keeps the card details safe from
eavesdroppers, but does nothing to protect merchants from dishonest customers or
vice-versa. SET addresses this situation by requiring cardholders and merchants to
register before they may engage in transactions. A cardholder registers by contacting
a certificate authority, supplying security details and the public half of his proposed
signature key. Registration allows the authorities to vet an applicant, who if approved
receives a certificate confirming that his signature key is valid. All orders and
confirmations bear digital signatures, which provide authentication and could
potentially help to resolve disputes.

A SET purchase involves three parties: the cardholder, the merchant, and the
payment gateway (essentially a bank). The cardholder shares the order information
with the merchant but not with the payment gateway. He shares the payment
information with the bank but not with the merchant. A SET dual signature
accomplishes this partial sharing of information while allowing all parties to confirm
that they are handling the same transaction. The method is simple: each party
receives the hash of the withheld information. The cardholder signs the hashes of
both the order information and the payment information. Each party can confirm that
the hashes in their possession agree with the hash signed by the cardholder. In
addition, the cardholder and merchant compute equivalent hashes for the payment
gateway to compare. He confirms their agreement on the details withheld from him.

All parties are protected. Merchants do not normally have access to credit card
numbers. Moreover, the mere possession of credit card details does not enable a
criminal to make a SET purchase; he needs the cardholder’s signature key and a
secret number that the cardholder receives upon registration. The criminal would
have better luck with traditional frauds, such as ordering by telephone. It is a pity
that other features of SET (presumably demanded by merchants) weaken these
properties. A merchant can be authorized to receive credit card numbers and has the
option of accepting payments given a credit card number alone.

SET is a family of protocols. The five main ones are cardholder registration,
merchant registration, purchase request, payment authorization, and payment
capture. There are many minor protocols, for example to handle errors. SET is
enormously more complicated than SSL, which merely negotiates session keys
between the cardholder’s and merchant’s Internet service providers. Because of this
complexity, much of which is unnecessary, the protocol is hardly used.

However, SET contains many features of interest:

– The model is unusual. In the registration protocols, the initiator possesses no
digital proof of identity. Instead, he authenticates himself by filing a registration form
whose format is not specified. Authentication takes place outside the protocol, when
the cardholder’s bank examines the completed form.
– The dual signature is a novel construction. The partial sharing of information
among three peers leads to unusual protocol goals.
– SET uses several types of digital envelope. A digital envelope consists of two
parts: one, encrypted using a public key, contains a fresh symmetric key K and
identifying information; the other, encrypted using K, conveys the full message text.
Digital envelopes keep public-key encryption to a minimum, but the many symmetric
keys complicate the reasoning. Most verified protocols distribute just one or two
secrets.

Business requirements

Book 1 of the SET specification lists the following business requirements for
secure payment processing with credit cards over the Internet and other networks:

• Provide confidentiality of payment and ordering information
• Ensure the integrity of all transmitted data
• Provide authentication that a cardholder is a legitimate user of a credit card
account
• Provide authentication that a merchant can accept credit card transactions
through its relationship with a financial institution
• Ensure the use of the best security practices and system design techniques to
protect all legitimate parties in an electronic commerce transaction
• Create a protocol that neither depends on transport security mechanisms nor
prevents their use
• Facilitate and encourage interoperability among software and network providers

Key features
To meet the business requirements, SET incorporates the following
features:

• Confidentiality of information
• Integrity of data
• Cardholder account authentication
• Merchant authentication

Participants

A SET system includes the following participants:

• Cardholder
• Merchant
• Issuer
• Acquirer
• Payment gateway
• Certification authority

Transaction (2, 8 mark)

The sequence of events required for a transaction is as follows:

• The customer obtains a credit card account with a bank that supports electronic
payment and SET
• The customer receives an X.509v3 digital certificate signed by the bank.
• Merchants have their own certificates
• The customer places an order
• The merchant sends a copy of its certificate so that the customer can verify that
it's a valid store
• The order and payment are sent
• The merchant requests payment authorization
• The merchant confirms the order
• The merchant ships the goods or provides the service to the customer
• The merchant requests payment

8. Explain Dual signature?

An important innovation introduced in SET is the dual signature. The purpose of
the dual signature is the same as the standard electronic signature: to guarantee the
authentication and integrity of data. It links two messages that are intended for two
different recipients. In this case, the customer wants to send the order information
(OI) to the merchant and the payment information (PI) to the bank. The merchant
does not need to know the customer's credit card number, and the bank does not
need to know the details of the customer's order. The link is needed so that the
customer can prove that the payment is intended for this order.
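
The dual signature described here and in the SET Protocol section above, as an added example that is not part of the original study material: the cardholder signs the hash of the two message digests, and each recipient checks the signature while seeing only its own half. Assumptions of this example: SHA-256 as the hash, and unpadded textbook RSA over two Mersenne primes as a stand-in signature key so that it runs on the Python standard library alone (not a secure signature scheme); all names and sample data are constructed.

```python
import hashlib
import hmac

# Stand-in cardholder signature key (assumption of this example): textbook RSA
# over two Mersenne primes, unpadded. Insecure; used only so the sketch runs
# without third-party libraries.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the cardholder


def digest(data):
    return hashlib.sha256(data).digest()


def sign(md):
    """Cardholder only: sign a message digest with the private exponent."""
    return pow(int.from_bytes(md, "big"), D, N)


def verify(md, signature):
    """Anyone holding the cardholder's public key (N, E) can verify."""
    return pow(signature, E, N) == int.from_bytes(md, "big")


def cardholder_dual_sign(oi, pi):
    """Return the message for the merchant and the message for the gateway."""
    oimd, pimd = digest(oi), digest(pi)
    ds = sign(digest(pimd + oimd))  # one signature links both messages
    to_merchant = {"oi": oi, "pimd": pimd, "ds": ds}   # no payment information
    to_gateway = {"pi": pi, "oimd": oimd, "ds": ds}    # no order information
    return to_merchant, to_gateway


def merchant_check(msg):
    """Merchant sees OI in full and only the hash of PI."""
    return verify(digest(msg["pimd"] + digest(msg["oi"])), msg["ds"])


def gateway_check(msg, oimd_from_merchant):
    """Gateway sees PI in full and only the hash of OI.

    It also compares the cardholder's OI hash with the one the merchant
    computed, confirming both parties mean the same order.
    """
    signed_ok = verify(digest(digest(msg["pi"]) + msg["oimd"]), msg["ds"])
    same_order = hmac.compare_digest(msg["oimd"], oimd_from_merchant)
    return signed_ok and same_order


# Constructed sample data.
OI = b"order=1 textbook; total=25.00 USD; merchant=example-books"
PI = b"card=0000-0000-0000-0000; exp=12/99; amount=25.00 USD"


def demo():
    to_merchant, to_gateway = cardholder_dual_sign(OI, PI)
    merchant_ok = merchant_check(to_merchant)
    gateway_ok = gateway_check(to_gateway, digest(to_merchant["oi"]))
    # An order altered after signing no longer matches the dual signature.
    tampered = dict(to_merchant, oi=OI.replace(b"25.00", b"250.00"))
    return merchant_ok, gateway_ok, merchant_check(tampered)


if __name__ == "__main__":
    print(demo())
```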

9. Explain SECURITY PROTOCOLS?

SSL and S-HTTP

Electronic commerce payment protocols
Secure HTTP | HTTP | Other applications
Secure Socket Layer (SSL)
Transport Control Protocol (TCP)
Internet Protocol (IP)

S-HTTP
Define HTTP:

HTTP is a communication protocol used to convey information on the
hyperlinked WWW.

S-HTTP:

S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP)
that allows the secure exchange of files on the World Wide Web.

Each S-HTTP file is either encrypted, contains a digital certificate, or both. For a
given document, S-HTTP is an alternative to another well-known security protocol,
Secure Sockets Layer (SSL).

A major difference is that S-HTTP allows the client to send a certificate to
authenticate the user whereas, using SSL, only the server can be authenticated.
S-HTTP is more likely to be used in situations where the server represents a bank and
requires authentication from the user that is more secure than a user ID and password.

S-HTTP does not use any single encryption system, but it does support the
Rivest-Shamir-Adleman public key infrastructure encryption system.

SSL works at a program layer slightly higher than the Transmission Control
Protocol (TCP) level. S-HTTP works at the even higher level of the HTTP application.

Both security protocols can be used by a browser user, but only one can be
used with a given document. Terisa Systems includes both SSL and S-HTTP in their
Internet security tool kits.

A number of popular Web servers support both S-HTTP and SSL. Newer browsers
support both SSL and S-HTTP.

S-HTTP has been submitted to the Internet Engineering Task Force (IETF) for
consideration as a standard. Request for Comments (RFC) 2660
describes S-HTTP in detail.

1. An extension of the WWW protocol.
2. Adds security directly to the application.
3. Basics of the WWW.
4. To require S-HTTP to transmit a document, its URL must be defined in the form
Shttp://www.mcompany.com/secure.html
5. The browser must implement this protocol (S-HTTP); otherwise we cannot access the
S-HTTP document.

S-HTTP Security Features:

Adds security at the application level.

Objective: to provide a wide range of security mechanisms on top of the interactions
between web browser and web server.

Protection mechanisms include the following:

1. Digital signature
2. Message authentication
3. Message encryption

It supports many cryptographic formats, including public key cryptography and
private key cryptography.
It is used for key distribution schemes.

Secure HTTP Data Transport

S-HTTP encapsulates the HTTP interactions between browser and server.

This means the data being sent from browser to server or server to browser is
contained within a special S-HTTP chunk of data:

Secure HTTP header information
Secure HTTP data (this may be encrypted)

That is, an S-HTTP message sent from a server to a browser includes data that is
“wrapped” by a header with handling and contents information about the data.
Therefore, an S-HTTP message = header + package.

• S-HTTP Explained
o Secure HTTP Header Lines

Two important header lines for S-HTTP:

a. Content-Type -> identifies the type of content contained within the S-HTTP
message.

b. Content-Privacy-Domain -> identifies the general cryptographic implementation
being used.

S-HTTP Message Contents

The contents are simple data or HTTP data.

The contents of an S-HTTP message are interpreted by the receiving entity (browser or
server) based on:

* How the package (the data) is labeled
* What kind of security is applied

S-HTTP Security Negotiation Headers

Four different issues are negotiated between server and browser:

a. Property -> what kind of security option (cryptography scheme) is being selected
to apply to a transfer.
b. Value -> implementation
c. Direction -> security enhanced transmission between server and browser.
d. Strength -> how strongly negotiated

These are used to transfer data in a secure manner.

Related Protocol Extensions

Data is requested & delivered across the WWW using HTTP and S-HTTP.

There are two other important protocols (without which the WWW would not exist):
a. URL protocol, defining the syntax of web documents and locations.
b. HTML protocol, defining the syntax of the documents themselves.

10. Explain Secure Sockets Layer(SSL) ?

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL),
are cryptographic protocols that provide secure communications on the Internet for
such things as web browsing, e-mail, Internet faxing, instant messaging and other
data transfers. There are slight differences between SSL and TLS, but the protocol
remains substantially the same. The term "TLS" as used here applies to both protocols
unless clarified by context.


Netscape Communications has proposed a protocol for providing data security
layered between high-level application protocols and TCP/IP. This security protocol,
called SSL, provides data encryption, server authentication, message integrity, and
optional client authentication for a TCP/IP connection.


WEB SECURITY LAYERS

Electronic commerce applications
S-HTTP
TCP-based application protocol (HTTP, SMTP, NNTP)
SSL
IP

SSL provides a security “handshake” to initiate the TCP/IP connection.

This handshake results in the client and server agreeing on the level of security
they will use and fulfilling any authentication requirements for the connection.

Role of SSL:

The role of SSL is to encrypt and decrypt the message stream.

This protocol fully encrypts all the information in both the HTTP request and
HTTP response (URL, credit card numbers, username and password) and all the data
returned from the server to the client.

To require SSL to transmit a document, its URL must be defined in the form:
https://www.mcompany.com/secure.html

NOTE:

If the browser implements both the S-HTTP and SSL protocols, we can view
S-HTTP, SSL and HTTP documents. Otherwise we can view only HTTP
documents.

SSL Record Specification:

It encapsulates the data transmitted between server and the client in an SSL
RECORD. However, the SSL header is only two or three bytes long; it is primarily used
to indicate how much data has been encapsulated and whether that includes data
padding to fill out the SSL record.

Data Padding is often necessary to make sure that the “real” data can be
properly encrypted with certain types of cipher.

Initiating an SSL Session

An SSL session begins after the TCP session is initiated. SSL uses a handshaking
protocol, with the client and the server exchanging specific pieces of information in
order to build a secure channel for transmitting data.

The very first exchange between client and server is in plain text and contains
enough information for the two systems to initiate an encrypted and authenticated
data stream.

The SSL client and server exchange information in a connection-opening
handshake sequence before opening the secure channel.

a. Client to the server

client-hello (challenge data and cipher specifications)

b. Server to the client

server-hello (connection ID, public key certificate, cipher specifications)

c. Client to the server

Two messages:
1. client-master-key (encrypted master key)
2. client-finish (connection ID, encrypted)

d. Server to the client

Two messages:
1. server-verify (encrypted challenge data)
2. server-finish (session ID)
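
The record header and client-hello fields described above, as an added example that is not part of the original study material: the message names in this handshake are those of SSL 2.0, so the parser follows the SSL 2.0 record layout. The function names, the short cipher table and the sample record are constructed for illustration.

```python
import struct

# SSL 2.0 handshake message types (first byte of a handshake record payload).
MSG_TYPES = {1: "client-hello", 2: "client-master-key", 3: "client-finish",
             4: "server-hello", 5: "server-verify", 6: "server-finish"}

# A few SSL 2.0 cipher kinds; each cipher specification is three bytes.
CIPHER_KINDS = {
    b"\x01\x00\x80": "RC4_128_WITH_MD5",
    b"\x02\x00\x80": "RC4_128_EXPORT40_WITH_MD5",
    b"\x06\x00\x40": "DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "DES_192_EDE3_CBC_WITH_MD5",
}


def parse_record_header(buf):
    """Decode the 2- or 3-byte record header.

    Returns (header_len, record_len, padding_len, is_escape).
    """
    if len(buf) < 2:
        raise ValueError("truncated record header")
    if buf[0] & 0x80:
        # High bit set: 2-byte header, 15-bit length, record carries no padding.
        return 2, ((buf[0] & 0x7F) << 8) | buf[1], 0, False
    if len(buf) < 3:
        raise ValueError("truncated 3-byte record header")
    # High bit clear: 3-byte header, 14-bit length, escape flag, padding count.
    return 3, ((buf[0] & 0x3F) << 8) | buf[1], buf[2], bool(buf[0] & 0x40)


def parse_client_hello(payload):
    """Parse a plain-text client-hello and validate its length fields."""
    if len(payload) < 9:
        raise ValueError("client-hello shorter than its fixed fields")
    msg_type, version, spec_len, sid_len, chal_len = struct.unpack(
        ">BHHHH", payload[:9])
    if MSG_TYPES.get(msg_type) != "client-hello":
        raise ValueError("not a client-hello")
    if spec_len == 0 or spec_len % 3:
        raise ValueError("cipher specs must be a non-zero multiple of 3 bytes")
    if sid_len not in (0, 16):
        raise ValueError("session ID must be absent or 16 bytes")
    if not 16 <= chal_len <= 32:
        raise ValueError("challenge must be 16 to 32 bytes")
    if len(payload) != 9 + spec_len + sid_len + chal_len:
        raise ValueError("length fields disagree with the record length")
    specs = payload[9:9 + spec_len]
    ciphers = [CIPHER_KINDS.get(specs[i:i + 3], specs[i:i + 3].hex())
               for i in range(0, spec_len, 3)]
    return {"version": version, "ciphers": ciphers,
            "session_id": payload[9 + spec_len:9 + spec_len + sid_len],
            "challenge": payload[9 + spec_len + sid_len:]}


def parse_record(buf):
    """Parse one record; decode the body if it is a plain-text client-hello."""
    hlen, rlen, pad, escape = parse_record_header(buf)
    payload = buf[hlen:hlen + rlen]
    if len(payload) != rlen:
        raise ValueError("record truncated")
    info = {"header_len": hlen, "record_len": rlen,
            "padding": pad, "escape": escape}
    # The first exchange is unencrypted, so the message type is readable.
    if payload[:1] == b"\x01":
        info["client_hello"] = parse_client_hello(payload)
    return info


def sample_client_hello_record():
    """Constructed sample: two cipher specs, no session ID, 16-byte challenge."""
    specs = b"\x01\x00\x80" + b"\x07\x00\xc0"
    challenge = bytes(range(16))
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge))
    body += specs + challenge
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body


if __name__ == "__main__":
    print(parse_record(sample_client_hello_record()))
```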

Because HTTP + SSL (https) and http are different protocols and typically reside
on different ports (443 and 80, respectively), the same server system can run both
secure and insecure HTTP servers simultaneously. This means that HTTP can provide
some information to all users using no security, and https can provide information
only securely. For instance, the “store-front” and merchandise catalog could be
insecure and the ordering and payment forms could be secure.

Browsers that do not implement support for HTTP over SSL will not be able to access
https URLs.


UNIT – IV
PART – A

1. What is E-Commerce Providers ?

E-com providers are those who make enough preparations or arrangements
for doing business via the internet. They use the latest and most apt technologies so
that they can successfully adapt to the internet business environment.

Ex. Visa , mastercard

2. What is Online Commerce Options ?

When customers order products electronically, they should not have to make any
choices or any special arrangements. The merchant alone should make the
arrangements for the products that he is going to sell via the net; that is, customers
should be able to order products with only the basic requirements.

For this purpose, banks and other financial institutions are working with
companies like CyberCash, First Virtual, Netscape, Microsoft and others in an effort to
produce payment systems for consumers and merchants alike.

3. What is Consumer choices ?

Consumers can opt to do nothing beyond getting a web browser that supports
the secure exchange of transaction information, using either the SSL or S-HTTP protocols.

This may prove sufficient for many consumer needs:

a. It lets the customer pay for goods and services by credit card.
b. It protects the transaction from being intercepted.

But this doesn’t protect consumers from dishonest merchants. For that, consumers
must be educated.

The transaction amount is paid with credit cards, but there are also problems
with these credit cards:

c. The card we use may not be accepted by the merchant.
d. Some cards may be accepted in more places, but not at the places where we need to
shop.
e. For security purposes we can register with a third party, which will act as a
go-between for the merchant and the consumer; i.e. it can act on behalf of both the
merchant and the consumer.
f. For consumers with special bank accounts, electronic checking or digital cash
products may be a good option: the consumer encrypts the payment settlement
information, which is sent to the consumer's bank, where it is decrypted. The payment
is then sent to the merchant.

4. What is Merchant Options?

a. Merchants must take greater care in setting up to accept electronic payments.
b. For this, we can have someone manage a secure web server and set up shop
there.
c. There are hundreds of “electronic malls” active on the internet on which
merchants can set up their shops.

PART – B

1. What is Functions and Features of electronic commerce?



The expectation of consumers from the electronic commerce provider will probably be

• Reliability
• Security
• Simplicity
• Acceptability

Reliability

Consumers have come to rely on their credit cards and charge card companies
not just to extend credit, but to extend protection against:

a. Unscrupulous vendors
b. Thieves
c. Vicissitudes of daily life

The same kind of reliability will be expected of electronic commerce providers.

Security

a. This is a very important issue which will never go away.
b. Even if the strongest possible encryption is used to send payment information,
there are still many security holes.

These transactions, and the encryption and decryption methods used to secure
them, can be exposed through any number of non-Internet attacks:

c. A dissatisfied employee with access to payment information.
d. Storage of payment information with insufficient security.
e. Improper disposal of printed material.

Simplicity

a. E-com schemes must be simple to achieve widespread appeal.
b. Consumers prefer to use a single, multipurpose credit card such as Visa or
MasterCard rather than set up credit accounts with every different retailer they
purchase from.
c. The same goes for e-com schemes: if they can be made simple, painless and
even easier than transacting business in person, then they will be successful.

Acceptability

E-com schemes should offer widespread acceptability.

A scheme that is accepted only by a few merchants will not be attractive to
consumers who don’t do business with those merchants; a scheme that few
consumers have chosen will be one that merchants seek out.

Conclusion

The industry is still in the very earliest phase of its infancy and is undergoing
rapid change every day. There are many companies that are involved in the internet
commerce area. Some of them are working together, while others are competing. The
only certainty is that “Things will Change!!!”

2. Explain FVIPS(FIRST VIRTUAL INTERNET PAYMENT SYSTEM)?

First Virtual was one of the first Internet payment systems to be available to the
public, becoming fully operational in October of 1994. A main goal of this company
was to create an Internet payment system that was easy to use. Neither buyers nor
sellers are required to install new software, (though automated sale processing
software is available). If you have access to Internet email, you can sell or buy over
the Internet using the First Virtual System.

The First Virtual payment system is unique in that it does not use encryption. A
fundamental philosophy of their payment system is that certain information should
not travel over the Internet because it is an open network. This includes credit card
numbers. Instead of using credit card numbers, transactions are done using a First
VirtualPIN which references the buyer's First Virtual account. These PIN numbers can
be sent over the Internet because even if they are intercepted, they cannot be used to
charge purchases to the buyer's account. A person's account is never charged without
email verification from them accepting the charge.

Their payment system is based on existing Internet protocols, with the
backbone of the system designed around Internet email and the MIME (Multipurpose
Internet Mail Extensions) standard. First Virtual uses email to communicate with a
buyer to confirm charges against their account. Sellers use either email, Telnet, or
automated programs that make use of First Virtual's Simple MIME Exchange Protocol
(SMXP) to verify accounts and initiate payment transactions.

The following steps occur during a sale when using the First Virtual payment
system:

Merchant requests buyer's First VirtualPIN (usually through a form on a WWW page).

Merchant can then check whether the VirtualPIN actually belongs to a real First
Virtual account that is in good standing. Merchants can verify accounts by using the
following programs; Finger, Telnet, email, or the FV_API utility.

Note - Verifying the account is an optional step in the sale process.

The merchant then initiates a payment transaction through First Virtual. This
payment transaction is initiated by sending the following information either by email,
Telnet, or an SMXP-enabled program to First Virtual:

• Buyer's First VirtualPIN
• Merchant's First VirtualPIN
• The amount and currency of the sale (Not everything is processed in dollars!)
• A description of the item for sale

First Virtual generates an email request to the buyer to confirm the sale. This email
request contains the following sale information:

• The merchant's full name
• The amount of the sale
• A description of the item bought

Buyer confirms sale by sending a YES response back to First Virtual.

A buyer can also respond NO, to state that they are unsatisfied with the item
and are unwilling to pay, or FRAUD, to state that they never made the purchase and
someone must have stolen their VirtualPIN.

If a buyer does not respond in a reasonable time, their account is suspended.

First Virtual sends a transaction result message to the merchant, indicating
whether the buyer accepted the charges.

After a waiting period (91 days after buyer's credit card has been charged), the
amount of the sale minus transaction fees is directly deposited into the merchant's
account.

Note - The 91 day waiting period is in place to protect First Virtual from buyers who
dispute the charge on their credit card and have the credit card company chargeback
First Virtual for all or part of the sale.

Merchant assumes all risk!


The First Virtual payment system has several advantages and disadvantages
over other payment systems used on the Internet.

Advantages:

Neither buyer nor seller needs to install any software in order to use the system.

Buyers are virtually 100 % protected from fraud. No charges are processed against
their account without their confirmation.

Purchases are essentially anonymous. The merchant is never given the buyer's name
from First Virtual.


It is extremely easy to become a merchant, or seller, under First Virtual. First
Virtual does not screen merchants, nor do they require merchants to have a special
business account established with a bank. All a person needs to sell merchandise,
services, data, etc. over the Internet is an ordinary checking account.

First Virtual has very low processing fees compared to other Internet payment
schemes or even straight credit card processing.

Disadvantages:

Merchant assumes all risk!


Extremely long waiting period between when a sale is made and when payment
is deposited in the merchant's account.

I strongly urge that anyone interested in learning more about First Virtual visit
their WWW site. It contains detailed descriptions of everything involved plus the forms
necessary for opening an account. They have also recently published a paper
discussing their first year on line, Perils and Pitfalls of Practical CyberCommerce.

3. Explain CyberCash?

CyberCash was an Internet payment service for electronic commerce, headquartered in
Reston, Virginia. It was founded in August 1994 by Daniel C. Lynch (who served as
chairman) and William N. Melton (who served as president and CEO, and later
chairman). The company initially provided electronic wallet software to consumers
and provided software to merchants to accept credit card payments. Later they also
offered "CyberCoin", a micropayment system modeled after the NetBill research
project at Carnegie Mellon University, which they later licensed. Despite a trial with
ESPN.com, CyberCoin never took off, and the focus remained on providing software
for consumers and merchants to process credit card payments.

In 1995, the company proposed RFC 1898, CyberCash Credit Card Protocol
Version 0.8. The company went public on February 19, 1996 with the symbol "CYCH"
and its shares rose 79% on the first day of trading.

In 1998, CyberCash bought another online credit card processing company,
ICVerify. In January 2000, a teenage Russian hacker nicknamed "Maxus" announced
he had cracked CyberCash's ICVerify application; the company denied this.

On January 1, 2000, CyberCash fell victim to the Y2K Bug, causing double
recording of credit card payments through their system.

4. What are E-Commerce Providers?

E-com providers are those who make the necessary preparations and arrangements for
doing business via the Internet. They use the latest and most suitable technologies so
that they can adapt successfully to the Internet business environment.

Ex. Visa, MasterCard

Online Commerce Options:

When customers order products electronically, they should not have to make any
choices or special arrangements. The merchant alone should make the arrangements
for the products to be sold via the net; that is, customers should be able to order
products with only the basic requirements.

For this purpose, banks and other financial institutions are working with
companies like CyberCash, First Virtual, Netscape, Microsoft and others in an effort to
produce payment systems for consumers and merchants alike.

Consumer choices:

Consumers can opt to do nothing beyond getting a web browser that supports
the secure exchange of transaction information using either the SSL or SHTTP protocol.

This may prove sufficient for many consumer needs:

a. It lets the customer pay for goods and services by credit card.
b. It protects the transaction from being intercepted.

But this doesn’t protect consumers from dishonest merchants. For that, consumers
must be educated.

Payment is made with credit cards, but credit cards have their own problems.

c. The card we use may not be accepted by the merchant.
d. Some cards may be accepted in more places, but not at the places where we need to
shop.
e. For security purposes we can register with a third party which acts as a
go-between for the merchant and the consumer, i.e. it can act on behalf of both the
merchant and the consumer.
f. For consumers with special bank accounts, electronic checking or digital cash
products may be a good option: the consumer encrypts the payment settlement
information, which is sent to the consumer's bank, where it is decrypted. The payment
is then sent to the merchant.

Merchant Options:

a. Merchants must take greater care in setting up to accept electronic payments.
b. One option is to have someone else manage a secure web server and set up shop
there.
c. There are hundreds of “electronic malls” active on the Internet on which
merchants can set up shop.

We have other options too.

d. In addition to a secure or commerce server that supports credit card payments,
merchants can also accept less familiar payment methods such as digital cash or
electronic cash.

Choosing Functions and Features

Consumers will probably expect the following from an electronic commerce provider:

• Reliability
• Security
• Simplicity
• Acceptability

Reliability
Consumers have come to rely on their credit card and charge card companies
not just to extend credit, but to extend protection against
a. Unscrupulous vendors
b. Thieves
c. Vicissitudes of daily life
The same kind of reliability will be expected of electronic commerce providers.

Security
a. This is a very important issue which will never go away.
b. Even if the strongest possible encryption is used to send payment information,
many security holes remain. Whatever encryption and decryption methods protect
them, such transactions can still be exposed to any number of non-Internet attacks:
c. The dissatisfied employee with access to payment info.
d. Storage of payment info with insufficient security.
e. Improper disposal of printed material.

Simplicity
a. E-com schemes must be simple to achieve widespread appeal.
b. Consumers prefer to use a single, multipurpose credit card such as Visa or
MasterCard rather than set up credit accounts with every different retailer they
purchase from.
c. The same goes for e-com schemes: if they can be made simple, painless and
even easier than transacting business in person, then they will be successful.

Acceptability

E-com schemes should offer widespread acceptability.

A scheme that is accepted only by a few merchants will not be attractive to
consumers who don’t do business with those merchants, a scheme that few
consumers have chosen will be one that merchants seek out.

Conclusion

The industry is still in the very earliest phase of its infancy and is undergoing
rapid change every day. There are many companies involved in the Internet
commerce area. Some of them are working together, while others are competing; the
only certainty is that “Things will Change!!!”

UNIT – V
ONLINE COMMERCE ENVIRONMENTS
PART – A

1. What is Electronic Data Interchange ?

Electronic Data Interchange (EDI) is a set of standards for structuring
information that is to be electronically exchanged between and within businesses,
organizations, government entities and other groups. The standards describe
structures that emulate documents, for example purchase orders to automate
purchasing. The term EDI is also used to refer to the implementation and operation of
systems and processes for creating, transmitting, and receiving EDI documents.

Despite being relatively unheralded, in this era of technologies such as XML
services, the Internet and the World Wide Web, EDI is still the data format used by the
vast majority of electronic commerce transactions in the world.

2. What are Standards?

Generally speaking, EDI is considered to be a technical representation of a
business conversation between two entities, either internal or external. Note, there is
a perception that "EDI" consists of the entire electronic data interchange paradigm,
including the transmission, message flow, document format, and software used to
interpret the documents. EDI is considered to describe the rigorously standardized
format of electronic documents.

The EDI (Electronic Data Interchange) standards were designed to be
independent of communication and software technologies. EDI can be transmitted
using any methodology agreed to by the sender and recipient. This includes a variety
of technologies, including modem (asynchronous, and bisynchronous), FTP, Email,
HTTP, AS1, AS2, WebSphere MQ, etc. It is important to differentiate between the EDI
documents and the methods for transmitting them. While comparing the
bisynchronous protocol 2400 bit/s modems, CLEO devices, and value-added networks
used to transmit EDI documents to transmitting via the Internet, some people equated
the non-Internet technologies with EDI and predicted erroneously that EDI itself would
be replaced along with the non-Internet technologies. These non-internet transmission
methods are being replaced by Internet Protocols such as FTP, telnet, and e-mail, but
the EDI documents themselves still remain.

As more trading partners use the Internet for transmission, standards have
emerged. In 2002, the IETF published RFC 3335, offering a standardized, secure
method of transferring EDI data via e-mail. On July 12th, 2005, an IETF working group
ratified RFC 4130 for MIME-based HTTP EDIINT (a.k.a. AS2) transfers, and is preparing
similar documents for FTP transfers (a.k.a. AS3). While some EDI transmission has
moved to these newer protocols the providers of the value-added networks remain
active.

EDI documents generally contain the same information that would normally be
found in a paper document used for the same organizational function. For example an
EDI 940 ship-from-warehouse order is used by a manufacturer to tell a warehouse to
ship product to a retailer. It typically has a ship to address, bill to address, a list of
product numbers (usually a UPC code) and quantities. It may have other information if
the parties agree to include it. However, EDI is not confined to just business data
related to trade but encompasses all fields such as medicine (e.g., patient records and
laboratory results), transport (e.g., container and modal information), engineering and
construction, etc. In some cases, EDI will be used to create a new business
information flow (that was not a paper flow before). This is the case in the Advanced
Shipment Notification (856) which was designed to inform the receiver of a shipment,
the goods to be received and how the goods are packaged.

3. What are four major sets of EDI standards?

The UN-recommended UN/EDIFACT is the only international standard and is
predominant outside of North America.

The US standard ANSI ASC X12 (X12) is predominant in North America.

The TRADACOMS standard developed by the ANA (Article Numbering Association) is
predominant in the UK retail industry.

The ODETTE standard is used within the European automotive industry.

All of these standards first appeared in the early to mid 1980s. The standards
prescribe the formats, character sets, and data elements used in the exchange of
business documents and forms. The complete X12 Document List includes all major
business documents, including purchase orders (called "ORDERS" in UN/EDIFACT and
an "850" in X12) and invoices (called "INVOIC" in UN/EDIFACT and an "810" in X12).

The EDI standard says which pieces of information are mandatory for a
particular document, which pieces are optional, and gives the rules for the structure of
the document. The standards are like building codes. Just as two kitchens can be built
"to code" but look completely different, two EDI documents can follow the same
standard and contain different sets of information. For example a food company may
indicate a product's expiration date while a clothing manufacturer would choose to
send color and size information.

4. What are Specifications?

Organizations that send or receive documents from each other are referred to
as "trading partners" in EDI terminology. The trading partners agree on the specific
information to be transmitted and how it should be used. This is done in human
readable specifications (also called Message Implementation Guidelines). While the
standards are analogous to building codes, the specifications are analogous to blue
prints. (The specification may also be called a mapping but the term mapping is
typically reserved for specific machine readable instructions given to the translation
software.) Larger trading "hubs" have existing Message Implementation Guidelines
which mirror their business processes for processing EDI and they are usually
unwilling to modify their EDI business practices to meet the needs of their trading
partners. Often in a large company these EDI guidelines will be written to be generic
enough to be used by different branches or divisions and therefore will contain
information not needed for a particular business document exchange. For other large
companies, they may create separate EDI guidelines for each branch/division.

5. What is Transmission?

Trading partners are free to use any method for the transmission of documents.
In the past one of the more popular methods was the usage of a bisync modem to
communicate through a Value Added Network (VAN). Some organizations have used
direct modem to modem connections and Bulletin Board Systems (BBS), and recently
there has been a move towards using some of the many Internet protocols for
transmission, but most EDI is still transmitted using a VAN. In the healthcare industry,
a VAN is referred to as a "Clearinghouse".

6. What are Value Added Networks?

In the most basic form, a VAN acts as a regional post office. They receive
transactions, examine the 'From' and the 'To' information, and route the transaction
to the final recipient. VANs provide a number of additional services, e.g.
retransmitting documents, providing third party audit information, acting as a
gateway for different transmission methods, and handling telecommunications
support. Because of these and other services VANs provide, businesses frequently use
a VAN even when both trading partners are using Internet-based protocols.
Healthcare clearinghouses perform many of the same functions as a VAN, but have
additional legal restrictions that govern protected healthcare information.

VANs also provide an advantage with certificate replacement in AS2
transmissions. Because each node in a traditionally business-related AS2 transmission
usually involves a security certificate, routing a large number of partners through a
VAN can make certificate replacement much easier.

7. What is Internet?

Until recently, the Internet transmission was handled by nonstandard methods
between trading partners usually involving FTP or email attachments. There are also
standards for embedding EDI documents into XML. Many organizations are migrating
to this protocol to reduce costs. For example, Wal-Mart is now requiring its trading
partners to switch to the AS2 protocol.

PART – B

1. Explain Interpreting data?

Often missing from the EDI specifications (referred to as EDI Implementation
Guidelines) are real world descriptions of how the information should be interpreted
by the business receiving it. For example, suppose candy is packaged in a large box
that contains 5 display boxes and each display box contains 24 boxes of candy
packaged for the consumer. If an EDI document says to ship 10 boxes of candy it may
not be clear whether to ship 10 consumer packaged boxes, 240 consumer packaged
boxes or 1200 consumer packaged boxes. It is not enough for two parties to agree to
use a particular qualifier indicating case, pack, box or each; they must also agree on
what that particular qualifier means.

EDI translation software provides the interface between internal systems and
the EDI format sent/received. For an "inbound" document the EDI solution will receive
the file (either via a Value Added Network or directly using protocols such as FTP or
AS2), take the received EDI file (commonly referred to as a "mailbag"), and validate that
the trading partner who is sending the file is a valid trading partner, that the structure
of the file meets the EDI standards and that the individual fields of information
conform to the agreed upon standards. Typically the translator will either create a
file of fixed length, variable length or XML tagged format, or "print" the received
EDI document (for non-integrated EDI environments). The next step is to
convert/transform the file that the translator creates into a format that can be
imported into a company's back-end business systems or ERP. This can be
accomplished by using a custom program, an integrated proprietary "mapper", or
an integrated standards-based graphical "mapper" using a standard data
transformation language such as XSLT. The final step is to import the transformed file
(or database) into the company's back-end enterprise resource planning (ERP) system.
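The three inbound checks named above (valid trading partner, file structure, individual fields), together with the candy-box unit ambiguity from the preceding paragraph, as an added Python example that is not part of the original material. The partner table, function names and the sample 850 interchange are constructed; the code accepts one transaction set per file and does not enforce the fixed-width layout of a real ISA segment.

```python
from dataclasses import dataclass


class EdiRejected(Exception):
    """Raised when an inbound file fails a trading-partner, structure or field check."""


@dataclass
class PartnerProfile:
    name: str
    consumer_boxes_per_unit: dict  # agreed meaning of each PO103 unit code


# Hypothetical partner table. Pack sizes follow the candy example in the text:
# one case (CA) = 5 display boxes, one display box (BX) = 24 consumer boxes (EA).
PARTNERS = {
    "RETAILER01": PartnerProfile("Retailer One", {"EA": 1, "BX": 24, "CA": 5 * 24}),
}


def build_sample(sender="RETAILER01", se_count=5, qty="10", uom="CA"):
    """Constructed X12-style 850 purchase order (sample data, not a real order)."""
    isa = ("ISA*00*" + " " * 10 + "*00*" + " " * 10 + "*ZZ*" + sender.ljust(15)
           + "*ZZ*" + "CANDYCO".ljust(15) + "*100601*1200*U*00401*000000101*0*P*>")
    segments = [
        isa,
        "GS*PO*" + sender + "*CANDYCO*20100601*1200*1*X*004010",
        "ST*850*0001",
        "BEG*00*NE*PO-1001**20100601",
        "PO1*1*" + qty + "*" + uom + "*4.50**UP*012345678905",
        "CTT*1",
        "SE*" + str(se_count) + "*0001",
        "GE*1*1",
        "IEA*1*000000101",
    ]
    return "~".join(segments) + "~"


def _to_int(value, what):
    if not (value.isascii() and value.isdigit()):
        raise EdiRejected(what + " is not a whole number: " + repr(value))
    return int(value)


def validate_inbound(raw, partners=PARTNERS):
    """Return the order lines in consumer boxes, or raise EdiRejected."""
    segs = [s.split("*") for s in raw.strip().split("~") if s]
    ids = [s[0] for s in segs]
    for required in ("ISA", "GS", "ST", "SE", "GE", "IEA"):
        if ids.count(required) != 1:  # this example handles one transaction set per file
            raise EdiRejected("expected exactly one " + required + " segment")
    isa, st, se, iea = (segs[ids.index(t)] for t in ("ISA", "ST", "SE", "IEA"))

    # Check 1: the sender (ISA06) must be a known trading partner.
    if len(isa) != 17:
        raise EdiRejected("ISA must carry 16 elements")
    sender = isa[6].strip()
    profile = partners.get(sender)
    if profile is None:
        raise EdiRejected("unknown trading partner " + repr(sender))

    # Check 2: envelope structure, control numbers and segment count must agree.
    if len(st) < 3 or len(se) < 3 or len(iea) < 3:
        raise EdiRejected("truncated ST, SE or IEA segment")
    if isa[13] != iea[2]:
        raise EdiRejected("ISA13/IEA02 control numbers differ")
    if st[1] != "850" or st[2] != se[2]:
        raise EdiRejected("not an 850, or ST02/SE02 control numbers differ")
    span = ids.index("SE") - ids.index("ST") + 1
    if _to_int(se[1], "SE01") != span:
        raise EdiRejected("SE01 says " + se[1] + " segments, file has " + str(span))

    # Check 3: each field must conform to the agreement, including what the
    # unit qualifier means for this particular partner.
    lines = []
    for po1 in (s for s in segs if s[0] == "PO1"):
        if len(po1) < 8:
            raise EdiRejected("PO1 is missing elements")
        qty, uom = _to_int(po1[2], "PO102 quantity"), po1[3]
        if qty == 0 or uom not in profile.consumer_boxes_per_unit:
            raise EdiRejected("quantity or unit " + repr(uom) + " outside the agreement")
        lines.append({"upc": po1[7], "ordered": qty, "unit": uom,
                      "consumer_boxes": qty * profile.consumer_boxes_per_unit[uom]})
    if not lines:
        raise EdiRejected("no PO1 line items")
    return lines


def rejection_reason(raw):
    """Return None if the file is accepted, else the reason it was rejected."""
    try:
        validate_inbound(raw)
        return None
    except EdiRejected as exc:
        return str(exc)
```

With the default sample, an order for 10 `CA` resolves to 1200 consumer boxes, while the same quantity with `BX` or `EA` resolves to 240 or 10; a unit code outside the partner agreement is rejected rather than guessed.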

For an "outbound" document the process for integrated EDI is to export a file (or
read a database) from a company's back-end ERP, transform the file to the
appropriate format for the translator. The translation software will then "validate" the
EDI file sent to ensure that it meets the standard agreed upon by the trading partners,
convert the file into "EDI" format (adding in the appropriate identifiers and control
structures) and send the file to the trading partner (using the appropriate
communications protocol).

Another critical component of any EDI translation software is a complete "audit"
of all the steps to move business documents between trading partners. The audit
ensures that any transaction (which in reality is a business document) can be tracked
so that it is not lost. In the case of a retailer sending a Purchase Order to a
supplier, if the Purchase Order is "lost" anywhere in the business process, the effect is
devastating to both businesses. The supplier does not fulfill the order because it
has not received it, thereby losing business and damaging the business relationship
with its retail client. The retailer has a stock outage, and the effect is lost
sales, reduced customer service and ultimately lower profits.

In EDI terminology "inbound" and "outbound" refer to the direction of
transmission of an EDI document in relation to a particular system, not the direction of
merchandise, money or other things represented by the document. For example, an
EDI document that tells a warehouse to perform an outbound shipment is an inbound
document in relation to the warehouse computer system. It is an outbound document
in relation to the manufacturer or dealer that transmitted the document.

2. Explain Advantages of using EDI?

EDI and other similar technologies save a company money by providing an
alternative to or replacing information flows that require a great deal of human
interaction and materials such as paper documents, meetings, faxes, email, etc. Even
when paper documents are maintained in parallel with EDI exchange, e.g. printed
shipping manifests, electronic exchange and the use of data from that exchange
reduces the handling costs of sorting, distributing, organizing, and searching paper
documents. EDI and similar technologies allow a company to take advantage of the
benefits of storing and manipulating data electronically without the cost of manual
entry or scanning.

Barriers to implementation

There are a few barriers to adopting electronic data interchange. One of the
most significant barriers is the accompanying business process change. Existing
business processes built around slow paper handling may not be suited for EDI and
would require changes to accommodate automated processing of business
documents. For example, a business may receive the bulk of their goods by 1 or 2 day
shipping and all of their invoices by mail. The existing process may therefore assume
that goods are typically received before the invoice. With EDI, the invoice will typically
be sent when the goods ship and will therefore require a process that handles large
numbers of invoices whose corresponding goods have not yet been received.

Another significant barrier is the cost in time and money in the initial set-up.
The preliminary expenses and time that arise from the implementation, customization
and training can be costly and therefore may discourage some businesses. The key is
to determine what method of integration is right for your company which will
determine the cost of implementation. For a business that only receives one P.O. per
year from a client, fully integrated EDI may not make economic sense. In this case,
businesses may implement inexpensive "rip and read" solutions or use outsourced EDI
solutions provided by EDI "Service Bureaus". For other businesses, the
implementation of an integrated EDI solution may be necessary as increase in trading
volumes brought on by EDI force them to re-implement their order processing
business processes.
The key hindrance to a successful implementation of EDI is the perception many
businesses have of the nature of EDI. Many view EDI from the technical perspective
that EDI is a data format; it would be more accurate to take the business view that
EDI is a system for exchanging business documents with external entities, and
integrating the data from those documents into the company's internal systems.
Successful implementations of EDI take into account the effect externally generated
information will have on their internal systems and validate the business information
received. For example, allowing a supplier to update a retailer's Accounts Payables
system without appropriate checks and balances would be a recipe for disaster.
Businesses new to the implementation of EDI should take pains to avoid such pitfalls.

Increased efficiency and cost savings drive the adoption of EDI for most trading
partners. But even if a company would not choose to use EDI on their own, pressures
from larger trading partners (called hubs) often force smaller trading partners to use
EDI.

Netscape Commerce Server

DESCRIPTION

Netscape™ Commerce Server™ Version 1.12 for OpenVMS™ is software for
conducting secure electronic commerce and communications on the Internet and
other TCP/IP-based networks.

Netscape Commerce Server provides the capability to publish hypermedia
documents using the HyperText Markup Language (HTML) and deliver them over the
Internet and other TCP/IP networks using the HyperText Transport Protocol (HTTP). To
ensure data security, Netscape Commerce Server provides advanced security
features such as server authentication, data encryption, data integrity, and user
authorization. Communications are based on open standards such as HTML, HTTP, the
Common Gateway Interface (CGI), and the Secure Sockets Layer (SSL) protocol.

FEATURES AND BENEFITS

Integrated Security

Netscape Commerce Server provides integrated security features designed to
allow secure electronic commerce and communications. Flexible user authorization
controls access to individual files or directories using a user name and password,
domain name, host name, IP address, or named groups.

Advanced security features are provided using the open SSL protocol, which has
been published on the Internet and adopted by major providers of Internet hardware
and software products, financial institutions, and certification authorities.

Secure Sockets Layer

SSL provides:

• Server authentication, which allows any SSL-compatible client to verify the identity
of the server using a certificate and a digital signature.

• Data encryption, which ensures the privacy of client/server communications by
encrypting the data stream between the two entities.

• Data integrity, which verifies that the contents of a message arrive at their
destination in the same form as they were sent.

SSL employs public key cryptographic technology from RSA Data Security, an
established leader in computer data security, and works with various encryption
algorithms.

Netscape Commerce Server supports public key encryption and delivers server
authentication using signed digital certificates. A digital certificate is used to associate
an identity with a server’s public key. Digital signatures ensure the integrity and
authenticity of information within a certificate. Netscape Commerce Server requires a
signed digital certificate to operate securely.

Certification is an additional fee-based service. Pricing is available from your
certification authority.

Encryption Support

Netscape Commerce Server is available in both 40-bit and 128-bit encryption schemes.
The difference between 128- and 40-bit encryption is, most
notably, that the U.S. government restricts the export of 128-bit encryption but not
the export of 40-bit encryption. 128-bit encryption provides significantly greater
cryptographic protection than 40-bit encryption. It is now necessary to employ larger
keys to counter the increasing computing power of potential criminals.

128 bits and 40 bits refer to the size of the key used to encrypt the message. 128-bit
encryption is roughly 309,485,009,821,345,068,724,781,056 times stronger than 40-bit
encryption. 40-bit encryption is not considered "strong" security in the cryptographic
community. Even accounting for Moore’s Law, which states that computing power doubles
about every 18 months, 128-bit encryption represents a very strong method of encryption
for the foreseeable future.

Note: Netscape products use a different key for every different security-enhanced
communication, regardless of key size. This means that even if criminals were to
devote significant resources and time to breaking a key for one encrypted
communication, the discovered key would be useless for other communications.

Please note that this product is subject to export restrictions under the U.S.
Department of Commerce’s Export Administration Regulations (EAR) and cannot be
transmitted in any form outside the United States or to a foreign national in the United
States without a valid Department of Commerce export license.

Open Standards

Netscape’s compatibility with network standards and document formats makes
it interoperable with other environments and systems. Netscape Commerce Server
supports HTTP V1.0, ensuring compatibility with any HTTP-compatible clients or
servers, and delivers HTML documents, including full use of Multipurpose Internet Mail
Extension (MIME) types and standard image formats such as GIF and JPEG. The server
integrates readily with legacy systems using the Common Gateway Interface (CGI), a
standard API used across the installed base of existing web servers.

High-Performance Serving

Netscape’s process manager allows the creation of a configurable number of
processes that reside in memory, waiting to fulfill HTTP requests. This improves
system performance by eliminating the unnecessary overhead of creating and
deleting processes to fulfill every HTTP request. The dynamic process management
algorithm increases the number of server processes within configurable limits to
efficiently handle periods of peak demand. It also dramatically reduces system load
and increases system reliability. This efficiency leaves additional CPU resources
available for running other applications.

Intuitive Server Management

Netscape Commerce Server uses the Netscape Navigator™ graphical interface to provide a
consistent, easy-to-use operating environment. Its simple user interface and forms
capability provide point-and-click server installation, configuration, and maintenance.
Forms are used for the initial server configuration, as well as to manage all server
functions, including user authorization, transaction logging, and process configuration.

TECHNICAL SPECIFICATIONS

Netscape Commerce Server Version 1.12 conforms to the following technical
specifications:
• Provides sophisticated support for clustering, including transparent operation on
mixed-architecture OpenVMS Clusters. This allows you to have a primary Web server
on one cluster system (either VAX or Alpha), with automatic, transparent failover to
any other system in the cluster (either VAX or Alpha).
• Is compatible with network standards.
— Supports industry-standard HTTP V1.0 protocol.
• Serves all HTTP-compatible clients:
— Serves HTML documents; supports MIME typing through file name extensions
— Is CGI V1.1 compliant

• Provides integrated security using SSL, which incorporates public key cryptography
technology from RSA Data Security.
• Offers enhanced user authorization, including HTTP V1.0 access authorization, IP
and DNS-based access control, local access control, user-controlled passwords, and
named groups.
• Provides an intuitive graphical user interface using Netscape Navigator for
installation, configuration, and management.
• Extensive online documentation provides context sensitive help.
• Log analysis tools allow summaries of log information so that it can be used to
better manage server functions.
• Provides flexibility in configuration and management, including:
— Configuration by file, directory, shell wildcard pattern, or template. Templates
allow a set of configuration parameters to be created and applied to multiple
directories (such as all user directories)
— Configurable logging options; client accesses logged in common logfile format
— Custom error messages

SOFTWARE PREREQUISITES

Netscape Commerce Server Version 1.12 for OpenVMS requires:

• OpenVMS Version 6.1 or later

• DECwindows™ Motif ® Version 1.2-3 for OpenVMS or later (only needed for running
a browser on OpenVMS to manage the server)

• DIGITAL TCP/IP Services for OpenVMS Version 3.3 or later or any TCP/IP product for
OpenVMS that supports the Berkeley socket interface

HARDWARE REQUIREMENTS

Netscape Commerce Server has no specific hardware requirements. Any valid,
supported configuration can support the server. The level of performance will vary
depending upon the processor, memory, and system load.

ORDERING INFORMATION

• Media: OpenVMS Internet Product Suite Media Kit (CD–ROM; Alpha and VAX):
QA-5CNAA-H8 (International)
QA-577AA-H8 (U.S. and Canada only)

• License: Netscape Commerce Server V1.12 for OpenVMS VAX or Alpha:
QL-579A9-AA (International)
QL-5CQA9-AA (U.S. and Canada only)

SOFTWARE WARRANTY

DIGITAL warrants its software products according to the terms of the DIGITAL
license for each product. DIGITAL warrants that the software will substantially conform
to the applicable Software Product Description or documentation accompanying the
software unless provided "AS IS."

SOFTWARE PRODUCT SERVICES

A variety of service options for this product are available from DIGITAL. For
more information, contact your local DIGITAL account representative.

FOR MORE INFORMATION

For more information about OpenVMS Internet Product Suite, visit the OpenVMS
home page at: http://www.openvms.digital.com ™ DEC, DECnet, DECwindows,
DIGITAL, OpenVMS,VAX, VAXcluster, and the DIGITAL logo are trademarks of Digital
Equipment Corporation.

™ Netscape, Netscape Commerce Server, and Netscape Navigator are
trademarks of Netscape Communications Corporation.

3. Explain Electronic Data Interchange?

Electronic Data Interchange (EDI) is a set of standards for structuring
information that is to be electronically exchanged between and within businesses,
organizations, government entities and other groups. The standards describe
structures that emulate documents, for example purchase orders to automate
purchasing. The term EDI is also used to refer to the implementation and operation of
systems and processes for creating, transmitting, and receiving EDI documents.

Despite being relatively unheralded in this era of technologies such as XML
services, the Internet and the World Wide Web, EDI is still the data format used by the
vast majority of electronic commerce transactions in the world.

4. Write short note on


a. Standards
b. Specifications
c. Transmission

a. Standards

Generally speaking, EDI is considered to be a technical representation of a
business conversation between two entities, either internal or external. Note, there is
a perception that "EDI" consists of the entire electronic data interchange paradigm,
including the transmission, message flow, document format, and software used to
interpret the documents. EDI is considered to describe the rigorously standardized
format of electronic documents.

The EDI (Electronic Data Interchange) standards were designed to be
independent of communication and software technologies. EDI can be transmitted
using any methodology agreed to by the sender and recipient. This includes a variety
of technologies, including modem (asynchronous and bisynchronous), FTP, e-mail,
HTTP, AS1, AS2, WebSphere MQ, etc. It is important to differentiate between the EDI
documents and the methods for transmitting them. When comparing the
bisynchronous protocol 2400 bit/s modems, CLEO devices, and value-added networks
used to transmit EDI documents with transmission via the Internet, some people equated
the non-Internet technologies with EDI and predicted erroneously that EDI itself would
be replaced along with the non-Internet technologies. These non-Internet transmission
methods are being replaced by Internet protocols such as FTP, telnet, and e-mail, but
the EDI documents themselves still remain.

As more trading partners use the Internet for transmission, standards have
emerged. In 2002, the IETF published RFC 3335, offering a standardized, secure
method of transferring EDI data via e-mail. On July 12th, 2005, an IETF working group
ratified RFC 4130 for MIME-based HTTP EDIINT (a.k.a. AS2) transfers, and is preparing
similar documents for FTP transfers (a.k.a. AS3). While some EDI transmission has
moved to these newer protocols, the providers of the value-added networks remain
active.

EDI documents generally contain the same information that would normally be
found in a paper document used for the same organizational function. For example, an
EDI 940 ship-from-warehouse order is used by a manufacturer to tell a warehouse to
ship product to a retailer. It typically has a ship-to address, a bill-to address, a list of
product numbers (usually a UPC code) and quantities. It may have other information if
the parties agree to include it. However, EDI is not confined to just business data
related to trade but encompasses all fields such as medicine (e.g., patient records and
laboratory results), transport (e.g., container and modal information), engineering and
construction, etc. In some cases, EDI will be used to create a new business
information flow (that was not a paper flow before). This is the case in the Advanced
Shipment Notification (856) which was designed to inform the receiver of a shipment,
the goods to be received and how the goods are packaged.

There are four major sets of EDI standards:

• The UN-recommended UN/EDIFACT is the only international standard and is
predominant outside of North America.

• The US standard ANSI ASC X12 (X12) is predominant in North America.

• The TRADACOMS standard developed by the ANA (Article Numbering Association) is
predominant in the UK retail industry.

• The ODETTE standard is used within the European automotive industry.

All of these standards first appeared in the early to mid 1980s. The standards
prescribe the formats, character sets, and data elements used in the exchange of
business documents and forms. The complete X12 Document List includes all major
business documents, including purchase orders (called "ORDERS" in UN/EDIFACT and
an "850" in X12) and invoices (called "INVOIC" in UN/EDIFACT and an "810" in X12).

The EDI standard says which pieces of information are mandatory for a
particular document and which pieces are optional, and gives the rules for the structure of
the document. The standards are like building codes. Just as two kitchens can be built
"to code" but look completely different, two EDI documents can follow the same
standard and contain different sets of information. For example, a food company may
indicate a product's expiration date while a clothing manufacturer would choose to
send color and size information.

b. Specifications

Organizations that send or receive documents from each other are referred to
as "trading partners" in EDI terminology. The trading partners agree on the specific
information to be transmitted and how it should be used. This is done in human-readable
specifications (also called Message Implementation Guidelines). While the
standards are analogous to building codes, the specifications are analogous to
blueprints. (The specification may also be called a mapping, but the term mapping is
typically reserved for specific machine-readable instructions given to the translation
software.) Larger trading "hubs" have existing Message Implementation Guidelines
that mirror their business processes for processing EDI, and they are usually
unwilling to modify their EDI business practices to meet the needs of their trading
partners. Often in a large company these EDI guidelines will be written to be generic
enough to be used by different branches or divisions and therefore will contain
information not needed for a particular business document exchange. Other large
companies may create separate EDI guidelines for each branch or division.

c. Transmission

Trading partners are free to use any method for the transmission of documents.
In the past, one of the more popular methods was the use of a bisync modem to
communicate through a Value Added Network (VAN). Some organizations have used
direct modem-to-modem connections and Bulletin Board Systems (BBS), and recently
there has been a move towards using some of the many Internet protocols for
transmission, but most EDI is still transmitted using a VAN. In the healthcare industry,
a VAN is referred to as a "Clearinghouse".

5. Write short note on


a. Value Added Networks
b. Internet
c. Interpreting data

a. Value Added Networks

In the most basic form, a VAN acts as a regional post office. They receive
transactions, examine the 'From' and the 'To' information, and route the transaction
to the final recipient. VANs provide a number of additional services, e.g.
retransmitting documents, providing third party audit information, acting as a
gateway for different transmission methods, and handling telecommunications
support. Because of these and other services VANs provide, businesses frequently use
a VAN even when both trading partners are using Internet-based protocols.
Healthcare clearinghouses perform many of the same functions as a VAN, but have
additional legal restrictions that govern protected healthcare information.

VANs also provide an advantage with certificate replacement in AS2
transmissions. Because each node in a traditionally business-related AS2 transmission
usually involves a security certificate, routing a large number of partners through a
VAN can make certificate replacement much easier.

b. Internet

Until recently, Internet transmission was handled by nonstandard methods
between trading partners, usually involving FTP or email attachments. There are also
standards for embedding EDI documents into XML. Many organizations are migrating
to this protocol to reduce costs. For example, Wal-Mart is now requiring its trading
partners to switch to the AS2 protocol.

c. Interpreting data

Often missing from the EDI specifications (referred to as EDI Implementation
Guidelines) are real world descriptions of how the information should be interpreted
by the business receiving it. For example, suppose candy is packaged in a large box
that contains 5 display boxes and each display box contains 24 boxes of candy
packaged for the consumer. If an EDI document says to ship 10 boxes of candy it may
not be clear whether to ship 10 consumer packaged boxes, 240 consumer packaged
boxes or 1200 consumer packaged boxes. It is not enough for two parties to agree to
use a particular qualifier indicating case, pack, box or each; they must also agree on
what that particular qualifier means.

EDI translation software provides the interface between internal systems and
the EDI format sent/received. For an "inbound" document the EDI solution will receive
the file (either via a Value Added Network or directly using protocols such as FTP or
AS2), take the received EDI file (commonly referred to as a "mailbag"), and validate that
the trading partner who is sending the file is a valid trading partner, that the structure
of the file meets the EDI standards and that the individual fields of information
conform to the agreed upon standards. Typically the translator will either create a
file of either fixed length, variable length or XML tagged format or "print" the received
EDI document (for non-integrated EDI environments). The next step is to
convert/transform the file that the translator creates into a format that can be
imported into a company's back-end business systems or ERP. This can be
accomplished by using a custom program, an integrated proprietary "mapper" or
an integrated standards based graphical "mapper" using a standard data
transformation language such as XSLT. The final step is to import the transformed file
(or database) into the company's back-end enterprise resource planning (ERP).
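
The three inbound checks described above (known trading partner, envelope structure, agreed field rules), combined with the unit-qualifier agreement from the candy example, as an added Python example that is not part of the original study material. It checks the ISA/IEA and ST/SE envelopes and the PO1 lines of an X12 850; the partner IDs `RETAILMART` and `CANDYCO`, the meanings given to the unit codes `EA`, `BX` and `CA`, and the sample interchange are constructed assumptions.

```python
# Constructed example data: partner IDs and unit meanings are hypothetical.
# ISA06 sender ID -> what each unit qualifier means, in consumer boxes,
# as agreed with that partner (the candy case from the text: 5 x 24 = 120).
PARTNERS = {"RETAILMART": {"EA": 1, "BX": 24, "CA": 120}}

class EDIError(ValueError):
    """Raised when an inbound interchange fails validation."""

def parse_segments(raw):
    """Split an X12 interchange using the delimiters its ISA header declares."""
    if len(raw) < 106 or not raw.startswith("ISA"):
        raise EDIError("missing or short ISA header")
    elem_sep, seg_term = raw[3], raw[105]   # ISA is fixed width (106 chars)
    segs = [s.strip().split(elem_sep) for s in raw.split(seg_term) if s.strip()]
    if len(segs[0]) != 17 or len(segs[-1]) != 3:
        raise EDIError("malformed ISA or IEA envelope")
    return segs

def validate_inbound(raw):
    """Return [(product_id, consumer_boxes)] or raise EDIError."""
    segs = parse_segments(raw)
    isa, iea = segs[0], segs[-1]
    sender = isa[6].strip()
    units = PARTNERS.get(sender)              # check 1: known trading partner
    if units is None:
        raise EDIError(f"unknown trading partner {sender!r}")
    if iea[0] != "IEA" or iea[2] != isa[13]:  # check 2: envelope structure
        raise EDIError("ISA/IEA control numbers differ")
    lines, st_at, st_ctl = [], None, None
    for i, seg in enumerate(segs):
        if seg[0] == "ST" and len(seg) >= 3:
            st_at, st_ctl = i, seg[2]
        elif seg[0] == "SE":
            # SE01 counts segments from ST to SE inclusive; SE02 echoes ST02.
            if st_at is None or seg[1:3] != [str(i - st_at + 1), st_ctl]:
                raise EDIError("ST/SE control number or segment count mismatch")
            st_at = None
        elif seg[0] == "PO1":                 # check 3: agreed field rules
            if st_at is None or len(seg) < 8:
                raise EDIError("PO1 misplaced or incomplete")
            qty, unit, product = seg[2], seg[3], seg[7]
            if not (qty.isascii() and qty.isdigit()) or int(qty) == 0:
                raise EDIError(f"bad quantity {qty!r}")
            if unit not in units:
                raise EDIError(f"unit {unit!r} not agreed with {sender}")
            lines.append((product, int(qty) * units[unit]))
    if st_at is not None:
        raise EDIError("transaction set not closed by SE")
    return lines

def sample_interchange(sender="RETAILMART", unit="BX", iea_ctl="000000001"):
    """Build a constructed 850 purchase order for 10 units of one product."""
    isa = "*".join(["ISA", "00", " " * 10, "00", " " * 10, "ZZ", sender.ljust(15),
                    "ZZ", "CANDYCO".ljust(15), "100601", "1200", "U", "00401",
                    "000000001", "0", "T", ">"])
    body = [f"GS*PO*{sender}*CANDYCO*20100601*1200*1*X*004010", "ST*850*0001",
            "BEG*00*NE*PO1001**20100601", f"PO1*1*10*{unit}*1.50**UP*012345678905",
            "SE*4*0001", "GE*1*1", f"IEA*1*{iea_ctl}"]
    return "~".join([isa] + body) + "~"
```

With this table the same quantity of 10 resolves to 10, 240 or 1200 consumer boxes depending on the qualifier sent, and a qualifier the partners never agreed on is rejected rather than guessed.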

For an "outbound" document the process for integrated EDI is to export a file (or
read a database) from a company's back-end ERP and transform the file to the
appropriate format for the translator. The translation software will then "validate" the
EDI file sent to ensure that it meets the standard agreed upon by the trading partners,
convert the file into "EDI" format (adding in the appropriate identifiers and control
structures) and send the file to the trading partner (using the appropriate
communications protocol).

Another critical component of any EDI translation software is a complete "audit"
of all the steps to move business documents between trading partners. The audit
ensures that any transaction (which in reality is a business document) can be tracked
so that it is not lost. In the case of a retailer sending a Purchase Order to a
supplier, if the Purchase Order is "lost" anywhere in the business process, the effect is
devastating to both businesses. The supplier does not fulfill the order because it
has not received it, thereby losing business and damaging the business relationship
with its retail client. The retailer has a stock outage, and the effect is lost
sales, reduced customer service and ultimately lower profits.

In EDI terminology "inbound" and "outbound" refer to the direction of
transmission of an EDI document in relation to a particular system, not the direction of
merchandise, money or other things represented by the document. For example, an
EDI document that tells a warehouse to perform an outbound shipment is an inbound
document in relation to the warehouse computer system. It is an outbound document
in relation to the manufacturer or dealer that transmitted the document.

6. Explain Advantages of using EDI and Barriers to implementation?

Advantages over paper systems

EDI and other similar technologies save a company money by providing an
alternative to or replacing information flows that require a great deal of human
interaction and materials such as paper documents, meetings, faxes, email, etc. Even
when paper documents are maintained in parallel with EDI exchange, e.g. printed
shipping manifests, electronic exchange and the use of data from that exchange
reduces the handling costs of sorting, distributing, organizing, and searching paper
documents. EDI and similar technologies allow a company to take advantage of the
benefits of storing and manipulating data electronically without the cost of manual
entry or scanning.

Barriers to implementation

There are a few barriers to adopting electronic data interchange. One of the
most significant barriers is the accompanying business process change. Existing
business processes built around slow paper handling may not be suited for EDI and
would require changes to accommodate automated processing of business
documents. For example, a business may receive the bulk of their goods by 1 or 2 day
shipping and all of their invoices by mail. The existing process may therefore assume
that goods are typically received before the invoice. With EDI, the invoice will typically
be sent when the goods ship and will therefore require a process that handles large
numbers of invoices whose corresponding goods have not yet been received.

Another significant barrier is the cost in time and money in the initial set-up.
The preliminary expenses and time that arise from the implementation, customization
and training can be costly and therefore may discourage some businesses. The key is
to determine what method of integration is right for your company which will
determine the cost of implementation. For a business that only receives one P.O. per
year from a client, fully integrated EDI may not make economic sense. In this case,
businesses may implement inexpensive "rip and read" solutions or use outsourced EDI
solutions provided by EDI "Service Bureaus". For other businesses, the
implementation of an integrated EDI solution may be necessary as increases in trading
volumes brought on by EDI force them to re-implement their order processing
business processes.

The key hindrance to a successful implementation of EDI is the perception many
businesses have of the nature of EDI. Many view EDI from the technical perspective
that EDI is a data format; it would be more accurate to take the business view that
EDI is a system for exchanging business documents with external entities, and
integrating the data from those documents into the company's internal systems.
Successful implementations of EDI take into account the effect externally generated
information will have on their internal systems and validate the business information
received. For example, allowing a supplier to update a retailer's Accounts Payables
system without appropriate checks and balances would be a recipe for disaster.
Businesses new to the implementation of EDI should take pains to avoid such pitfalls.

Increased efficiency and cost savings drive the adoption of EDI for most trading
partners. But even if a company would not choose to use EDI on their own, pressures
from larger trading partners (called hubs) often force smaller trading partners to use
EDI.

Netscape Commerce Server

DESCRIPTION

Netscape™ Commerce Server™ Version 1.12 for OpenVMS™ is software for
conducting secure electronic commerce and communications on the Internet and
other TCP/IP-based networks.

Netscape Commerce Server provides the capability to publish hypermedia
documents using the HyperText Markup Language (HTML) and deliver them over the
Internet and other TCP/IP networks using the HyperText Transport Protocol (HTTP). To
ensure data security, Netscape Commerce Server provides advanced security
features such as server authentication, data encryption, data integrity, and user
authorization. Communications are based on open standards such as HTML, HTTP, the
Common Gateway Interface (CGI), and the Secure Sockets Layer (SSL) protocol.

FEATURES AND BENEFITS

Integrated Security

Netscape Commerce Server provides integrated security features designed to
allow secure electronic commerce and communications. Flexible user authorization
controls access to individual files or directories using a user name and password,
domain name, host name, IP address, or named groups.

Advanced security features are provided using the open SSL protocol, which has
been published on the Internet and adopted by major providers of Internet hardware
and software products, financial institutions, and certification authorities.

Secure Sockets Layer


SSL provides:

• Server authentication, which allows any SSL compatible client to verify the identity
of the server using a certificate and a digital signature.

• Data encryption, which ensures the privacy of client/server communications by
encrypting the data stream between the two entities.

• Data integrity, which verifies that the contents of a message arrive at their
destination in the same form as they were sent.

SSL employs public key cryptographic technology from RSA Data Security, an
established leader in computer data security, and works with various encryption
algorithms.

Netscape Commerce Server supports public key encryption and delivers server
authentication using signed digital certificates. A digital certificate is used to associate
an identity with a server's public key. Digital signatures ensure the integrity and
authenticity of information within a certificate. Netscape Commerce Server requires a
signed digital certificate to operate securely.

Certification is an additional fee-based service. Pricing is available from your
certification authority.

Encryption Support

Netscape Commerce Server is available in both 40-bit and 128-bit
encryption schemes. The difference between 128- and 40-bit encryption is, most
notably, that the U.S. government restricts the export of 128-bit encryption but not
the export of 40-bit encryption. 128-bit encryption provides significantly greater
cryptographic protection than 40-bit encryption. It is now necessary to employ larger
keys to counter the increasing computing power of potential criminals.

128 bits and 40 bits refer to the size of the key used to encrypt the message. 128-bit
encryption is roughly 309,485,009,821,345,068,724,781,056 times stronger than 40-bit
encryption. 40-bit encryption is not considered "strong" security in the cryptographic
community. Even accounting for Moore's Law, which states that computing power doubles
about every 18 months, 128-bit encryption represents a very strong method of encryption
for the foreseeable future.
